[00:01] davecheney: yeah [00:03] thumper: merged your packaging fixes [00:03] thank you very much [00:03] davecheney: awesome, ta [00:03] davecheney: lp hasn't noticed, have you pushed your packaging branch back up? [00:03] it has [00:03] it's sending me all sorts of email [00:04] sppokey [00:05] davecheney: ah, I see it now, the MP is marked as merged. [00:05] davecheney: I wrote that magic :) [00:06] how does it work ? [00:06] smell your branch in my push ? [00:06] (ewww) [00:07] kinda... [00:07] it notices a push from your branch. [00:07] it then looks for any pending merge proposals targetting your branch [00:07] it then looks at the tip revision id for each of those merge proposals [00:07] and if the tip revision of the source branch is in your branches ancestry, it gets marked merged [00:08] and it also works out which revision number on your branch it was merged at and saves that too [00:16] very nice [00:20] * bigjools appreciates thumper's work there too [00:21] the branch also gets its state changed to "merged" too [00:21] so it drops off the various branch listing pages [00:21] * thumper fires off the can of worms email before going to lunch [00:26] so... lunch [00:26] * davecheney reads [00:27] davecheney: did you say that there were bugs around this pipe closing behaviour? [00:27] davecheney: or were you referring to the hook serialisation bugs? [00:27] oh, that [00:27] that is fine [00:27] you are sending EOF to stdin on the child process [00:27] then waiting for it to exit [00:27] the race is actaully the line after that [00:27] were we close the logger [00:28] ah... no, I don't think that is write [00:28] we aren't closing stdin of the child [00:28] the outWriter is only set for stdout and stderr [00:29] so the process writes to the pipe [00:29] that is crack, if you close the stdout of a child process, it'll get EPIPE [00:29] this code is really subtle [00:29] * davecheney goes to reread [00:31] * thumper goes to lunch, and to drop stuff in at the 2nd hand shop [00:38] I've got juju core tests passing on a new raring VM, but when I try locally I get loads of failures (I mean LOADS) like this: [00:38] [LOG] 24.71999 ERROR api: error receiving request: read tcp 127.0.0.1:57535: use of closed network connection [00:38] I've no idea what's different locally, how can I work this out? [00:41] also, constraints_test.go:283: is failing on raring, it claims that lp:1132537 is fixed [00:42] bigjools: i think that isn't the error [00:42] just a symptom of the TearDownTest running after a failure [00:42] almost certainly [00:42] bigjools: got a larger paste ? [00:43] I'll re-run, the output is massive [00:44] give it its due - this is the first test suite that brought my 4-core to its knees [00:45] that we do [00:46] the disk is gettng hammered [00:46] blame mongo [00:46] i put /tmp on a /tmpfs [00:47] heh [00:47] I used to do that for Launchpad tests [00:48] didn't make a lot of difference [00:48] on the bright side, the mongo in raring works out of the box with juju-core [00:50] excellent [00:50] that is good news [00:50] davecheney: http://paste.ubuntu.com/5688064/ [00:51] bigjools: turns out [00:51] it doens't [00:51] PANIC: addrelation.go:0: ConstraintsCommandsSuite.TearDownTest [00:51] ... Panic: local error: bad record MAC (PC=0x4117A4) [00:51] /build/buildd/golang-1.0.2/src/pkg/runtime/proc.c:1443 in panic [00:51] /home/ed/canonical/GO/src/launchpad.net/juju-core/testing/mgo.go:178 [00:51] ^ your mongo does not speak TLS [00:52] davecheney: wtf, the same mongo is installed on the VM, which works [00:52] ldd $(which mongod) [00:52] (from memory) [00:52] yeah [00:52] ssl is linked [00:52] better, mongod -h [00:52] shows ssl options at bottom [00:58] * bigjools is stumped [01:00] got several mongos installed ? [01:00] not that I can see [01:00] but looking for stray ones as we speak [01:00] well, waiting for updatedb :) [01:06] bigjools: I'm running raring, and tests passing [01:06] bigjools: apart from an intermittant one this morning [01:13] thumper: ta [01:49] go fmt is great and all, but it creates extra lines of diff (and buggers bzr blame) lining up struct items if I add a new long one :( [01:51] seroiusly fellas, can you please create a new channel for bitching about Go [01:55] will that make Go better? [02:00] it'll make me feel better [02:00] Go is what it is [02:00] it's not going to change [02:00] not in a timeframe that is relevent to the problem at hand [02:01] so all this bitching just gives me heartburn [02:02] "it's not going to change" ... then it'll die [02:02] davecheney: can you remind me what it means to do a case <- some_channel in a select? [02:02] davecheney: under what situations does it wait? [02:02] davecheney: if it is a closed channel, it skips it? [02:03] bigjools: not everyone cares about whitespace changes [02:03] it will wait only in the case that there is no default: clause in a select, and none of the other cases are rady [02:03] bigjools: better tools can help that [02:03] ready [02:03] thumper: that's my point [02:03] bigjools: what I mean is that it is not necessarily gofmt that is at fault, but the diff checking tools [02:04] thumper: arguably, yes. Although whitespace is important in some places of course (Python) [02:04] davecheney: so for example: cmd/jujud/machine.go:80 will wait for both channels to close before moving on [02:05] bigjools: sure, but not really go [02:05] yes, that will block until one of those conditions is true [02:05] got I hate the name tomb [02:06] it doesn't explain what it does at all [02:06] thumper: the trick is that it then nils out the channel reference, so it can never be satisfyable again [02:06] davecheney: sure, but it looks like if either one fails, the tomb sets to dying [02:07] yes, then it loops agian [02:07] davecheney: so <-nil is valid? [02:07] from a quick reading, it's waiting for both of those things to finish [02:07] then keeping the more important error of the two [02:08] moreImportant(err, err) may be a subjective judgement [02:33] WHO THE FUCK CHANGED THIS !!! [02:33] 2013/04/08 12:33:09 INFO JUJU:juju:bootstrap environs: searching for tools compatible with version: 1.9.13-precise-amd64 [02:33] 2013/04/08 12:33:09 DEBUG JUJU:juju:bootstrap listing tools in dir: tools/juju-1. [02:33] 2013/04/08 12:33:14 DEBUG JUJU:juju:bootstrap listing tools in dir: tools/juju-1. [02:33] 2013/04/08 12:33:15 ERROR JUJU:juju:bootstrap juju bootstrap command failed: cannot find tools: use of closed network connection [02:33] the directory that we look for public tools has changed [02:34] huh? [02:34] it should be tools/ [02:34] not tools/juju-1. [02:35] hmm... [02:36] I thought that listed tools starting with that, so only listed version 1 tools [02:36] maybe the listing hasn't change [02:36] changed [02:36] it just never failed before [02:36] odd, it works with the source version, even without using upload tools [02:37] maybe ec2 is having a lie down [02:37] maybe [02:37] yup, now it works [02:37] :) [02:38] panic over? [02:38] it's justifyable [02:38] almost every day I go to test the tool [02:38] panic expected? [02:38] it's borken [02:54] * thumper sighs... [02:54] why does go make me have a return statement at the end of the function if it just says "return" [02:54] that's dumb [02:54] thumper: do you get FAIL: constraints_test.go:276: ConstraintsSuite.TestGoyamlRoundtripBug1132537 [02:54] on raring? [02:54] bigjools: nope [02:54] bigjools: tests pass for me on raring [02:55] that's the only one I see failing [02:55] did you update goyaml lately? [02:56] nope [02:56] I am on revno 39 [02:57] * thumper looks [02:57] 36 [02:57] that'll be it then [02:58] * bigjools lunches, ttyl [02:58] maybe... [02:58] * thumper wonders where kapil's tool is to get the reproducible builds... [02:58] * thumper goes to get girls from school [02:58] bbs [03:19] back [04:19] * thumper wondered why juju boostrap failed so often with error: cannot find tools: use of closed network connection [04:19] and then it suddenly worked [04:19] ?! [04:28] * thumper away, probably back later [06:30] mornin' all [07:07] dimitern: ping [07:08] rogpeppe: hey [07:08] dimitern: ho! [07:08] dimitern: i was just looking at status watching for the allWatcher [07:08] rogpeppe: yeah? [07:09] dimitern: and realised that there's no statusDoc - we have a different doc type for units and machines [07:09] dimitern: that makes things more awkward, and i was wondering if there's a compelling reason for it [07:09] rogpeppe: that's right [07:10] rogpeppe: because they're potentially different types of status information (units/machines) [07:11] dimitern: i'm considering two alternatives: 1) just define the status as a string for each, and type-convert the result when returning Status. 2) have a different field name for each, and omit the other one when empty [07:12] dimitern: because it makes my code considerably simpler if i can assume that each collection has a uniform schema [07:13] rogpeppe: what's the complication now? [07:15] dimitern: the code is simpler if i assume that there's a single type for a collection that can know how to marshal itself from the collection and how to update the allInfo when it changes [07:15] dimitern: and i think that the rest of the code becomes no more complex, to be honest [07:15] dimitern: in fact, it probably becomes a bit less magic [07:16] rogpeppe: i'm not convinced getting rid of typed UnitStatus + constants (and for machines as well) is a better solution [07:17] dimitern: i'm not suggesting that [07:17] dimitern: the external interface (Status and GetStatus) would remain exactly as is [07:18] rogpeppe: you're saying to save them in a single doc, casted as strings [07:18] dimitern: that's option 1, yes. [07:18] dimitern: it's statically type safe [07:18] dimitern: which the current scheme is not [07:18] rogpeppe: and the 2nd option? how's the field names important? [07:19] dimitern: you'd have type statusDoc struct {UnitStatus params.UnitStatus `bson:",omitempty"; MachineStatus params.MachineStatus `bson:"omitempty"`; Info string} [07:20] rogpeppe: so it's like a union [07:20] dimitern: yeah [07:21] dimitern: which is kinda what's happening now anyway [07:21] rogpeppe: hmm... yeah, although it's explicit [07:22] rogpeppe: so what about the field names? [07:22] dimitern: what about them? [07:23] rogpeppe: ah, sorry - I though using the same names for the 2 different docs was confusing [07:23] dimitern: the point is i'd like there to be only one doc, same as we've got for every other collection [07:24] rogpeppe: both options seem fair enough [07:24] rogpeppe: i'd like to pass this through fwereade as well [07:24] dimitern: yeah [07:24] rogpeppe: I might be missing some subtleties [07:26] dimitern: the second is more versatile (if we wanted to change UnitStatus to be more than a string, that would be ok); but that would be a major-version change in the current scheme too. [07:27] dimitern: i'm leaning towards option 1 currently. it's the simplest approach, and not hard to change in a backwardly compatible way. [07:27] dimitern: thanks for the discussion. i'll pass it by william when he comes online [07:31] fwereade: hey [07:31] dimitern, hey dude [07:32] fwereade: having a bit of discussion with rogpeppe here, about having a single statusDoc to simplify the allwatcher [07:32] fwereade: morning! [07:32] rogpeppe, heyhey [07:32] * fwereade raises at least half an eyebrow but would like to hear more [07:32] fwereade: yeah - status is the only place (i think!) where we have more than one schema doc for a collection [07:33] rogpeppe, ah, yes [07:33] fwereade: it doesn't look like the gains are worth that much to me [07:33] fwereade: and if it was consistent, it would make my code simpler (and probably the existing code would be a little simpler too) [07:33] rogpeppe, well, it's really down to "are the unit status constants the same as the machine ones" [07:34] rogpeppe, I am not unsympathetic to arguments that, yes, they are [07:34] fwereade: in my mind it's down to "can they both be represented by a string?" [07:34] fwereade: but there's an alternative approach if we think they might grow bigger [07:35] * fwereade is listening [07:35] fwereade: we could have a different field for the different kinds of status [07:35] fwereade: type statusDoc struct {UnitStatus params.UnitStatus `bson:",omitempty"; MachineStatus params.MachineStatus `bson:"omitempty"`; Info string} [07:35] rogpeppe, mm, not so awfully keen there [07:35] fwereade: (which is actually the go standard approach to "unions" when marshalling) [07:35] rogpeppe, interesting [07:36] fwereade: but tbh at the moment i'm leaning towards type statusDoc struct {Status string; Info string} [07:37] fwereade: and (static) type-convert when returning from the Status function and calling SetStatus [07:38] moin [07:38] TheMue: hiya! [07:38] rogpeppe, that does sound reasonable, I think [07:38] fwereade: cool [07:40] TheMue, heyhey [07:46] rogpeppe: I have to finish nonced provisioning branches first, then I'll propose the change to status [07:46] dimitern: i'm happy to do it if you like [07:46] dimitern: it's on the critical path for me [07:46] rogpeppe: that'll be awesome [07:46] rogpeppe: thanks [08:10] fwereade: did we agree not to make MachineNonce required in the first CL (agent.Conf / MachineConfig)? [08:11] dimitern, I think we planned to require it and pass a non-empty fake [08:11] dimitern, but as you prefer [08:11] fwereade: yeah, so I recall correctly [08:13] dimitern: i'm just trying to understand this comment, that the _id in the status doc is omitted "to allow direct use of the document in both create and update transactions." [08:13] fwereade: hmm.. no actually - see here: https://codereview.appspot.com/8247045/diff/1/environs/agent/agent_test.go#newcode226 [08:13] dimitern: how does omitting _id allow that? [08:14] rogpeppe: it allows you to do statusDoc{status, info}, rather than statusDoc{x.globalKey(), status, info} [08:14] dimitern: and if that's true, how do the other docs get away with having that field and using the same doc for both create and update transactions [08:14] ? [08:14] dimitern: so we're just trying to save one function call? [08:15] rogpeppe: no, we're still calling it, when we need to pass Id: of the txn.Op [08:15] dimitern: so is the comment misleading? [08:15] dimitern: is it actually "allowing" something, or is it just a convenience? [08:16] rogpeppe: maybe it should've been "allows you to avoid specifying an explicit key for the document" or something [08:16] dimitern: i'm only saying because i'd find it useful to have it there [08:16] dimitern: and i'm wondering if there's a particular reason to avoid it [08:16] rogpeppe: have the _id key? [08:16] dimitern: yeah [08:17] dimitern: it means a status doc can know its own id [08:17] rogpeppe: well, for settingsRefDoc{1} works better than for the statusDoc{x, y} perhaps [08:18] rogpeppe: is this that useful? [08:18] rogpeppe, sorry, which docs with _ids do we use in updates? [08:18] rogpeppe, I see a statusDoc as a dumb transport mechanism essentially -- to get one, you have to have a globalKey [08:19] fwereade: looking at the comment link I posted above, istm for that test to be valid, nonce shouldn't be required [08:19] rogpeppe, but in your case I can see how it would be useful [08:20] dimitern, ah, sorry [08:20] dimitern, we agreed required in MachineConfig [08:20] rogpeppe: but not it agent.Conf? [08:20] dimitern, every MC refers to a machine; not every Conf does [08:20] fwereade: yeah, the only other place is constraintsDoc, i see [08:20] fwereade: which equally doesn't have an id field [08:20] fwereade: ok [08:21] rogpeppe, I was asking about the otherway round actually [08:21] dimitern: yeah, agent.Conf is used by all agents [08:21] rogpeppe, how often do we update whole docs? [08:21] dimitern: but the nonce is only used by the machine agent [08:22] fwereade: constraints is the only place [08:23] hey guys, meet danilos - newest member of blue squad! [08:23] fwereade: and i'm going to have the same issue there [08:23] danilos: welcome! [08:24] danilos, heyhey [08:24] rogpeppe, I am having trouble figuring out the problem though [08:24] rogpeppe, you get events which have the _id of the changed document [08:24] rogpeppe, that tells you everything you need to know, right? [08:25] fwereade: yeah, you're right, there's no problem. [08:25] rogpeppe, what's the situation where you need an _id and don;t have one available? [08:25] rogpeppe, ah ok [08:26] fwereade: i now understand that comment :-) [08:27] rogpeppe: care to explain what you understood for me? :) [08:27] dimitern: i'd thought that other docs were used in update transactions [08:28] dimitern: but actually they're not (and presumably you'll get an error if you do) [08:28] rogpeppe, yeah, IIRC it complains about setting _id even if it matches [08:28] rogpeppe: what other docs? they're only 2 of them [08:28] dimitern: unitDoc, machineDoc, etc [08:28] rogpeppe: ah, right! [08:28] fwereade: you could probably use omitempty, but yeah. [08:36] * dimitern needs to dash to the bank before it closes, bbiab [08:37] rogpeppe, fwereade: hi, thanks :) [08:45] rogpeppe, if I wanted to call the api from a unit, is there anything special I need to do? compared to calling it from local machine? [08:48] mattyw: you'll need to know the address of the api server [08:48] rogpeppe, ok, we can grab that from a file - the same as the gui does [08:49] mattyw: and... it might be best if you don't give that unit the keys to the whole environment [08:49] mattyw: but it'll be ok for the time being if you do [08:50] mattyw: actually, you don't use that anyway, so there's no problem [08:51] mattyw: you'll have to store the admin secret in a file too [08:51] mattyw: rather than grabbing it from environments.yaml [08:52] mattyw: or... you could just do exactly the same thing and put bogus provider keys in the environments.yaml file [08:52] mattyw: although tbh it would be better not to - that way your unit can be portable across providers [08:55] rogpeppe, at the moment we can probably just send the admin-secret up to the uint via config setting in the charm [08:56] mattyw: seems reasonable [08:56] mattyw: not very "secret" though :-) [08:57] rogpeppe, yeah - it's not very long term [09:12] fwereade: ping [09:12] TheMue, pong [09:12] fwereade: i'm a bit trapped ;) [09:13] TheMue, I'm sorry about that, how can I help? [09:13] fwereade: i changed the doc to be embedded, i've missed that before. but that i run on a mgo bug returning the error "slice of unaddressable array". [09:14] dimitern: https://codereview.appspot.com/8510043 [09:14] fwereade: so i changed, just for testing, uuid back into a slice instead an array. and hey, it works. [09:14] TheMue, then the complications of the array are too much hassle, I guess [09:14] TheMue, although, embedded? [09:14] fwereade: so next step, set bson:_id on the uuid field. and oh no, it is not hashable. *sigh* [09:15] TheMue, I meant to say a "doc" field [09:15] TheMue: i'd use string for the uuid [09:15] fwereade: eh, not embedded, as a regular field, like in the other entities. wrong word, sorry. [09:15] TheMue: simpler all round [09:15] rogpeppe, +1 [09:15] TheMue, cool, just checking [09:16] rogpeppe, TheMue, I would be fine even if trivial.NewUUID returned a string [09:16] fwereade: sounds good to me [09:16] rogpeppe, TheMue, we don't really seem to get a lot of value out of the type itself [09:16] fwereade: ook, will do so, but only due to technological reasons, which i dislike. a uuid is a 16 octed array, and it has a string representation. [09:17] fwereade: but it shall be ok here. [09:17] TheMue, understood, but I'm fine with and data representation which is (1) unambiguous and (2) convenient [09:17] TheMue: i think there's no good reason why we need to tie ourselves to UUID "standards" [09:19] rogpeppe: i would prefer a database client not having troubles with it. ;) [09:19] TheMue: i'm not sure what you mean [09:20] TheMue: what db client is going to have a problem with an arbitrary string key? [09:20] rogpeppe: and it's no "standards", it's an OSF/DCE standard. [09:21] rogpeppe: not with a string, but the client should be able to handle a simple array of bytes. [09:21] rogpeppe: using the string representation here is just a compromise, but hey, it's ok. [09:21] TheMue: can you name a single advantage that we get from adhering to the OSF/DCE standard? [09:23] TheMue: there's at least one disadvantage that i can think of [09:24] rogpeppe: currently none, but the consequence is to ask for each standard why do you follow it. later, e.g. when having more integration aspects or new people coming into the team, have to maintain the code and ask themselves why here a standard hasn't been used is not good. [09:26] rogpeppe: and we also have no real reason to not follow the standard, only the problem of mgo. [09:26] TheMue: AFAICS the standard here just makes things a little more complex for no gain and some loss. in particular, you can't tell by seeing the UUID that it actually refers to a juju environment or which juju environment it might refer to. [09:26] TheMue: if i'm seeing lots of juju env UUIDs flying around, that's very useful information [09:27] rogpeppe: so you don't talk about a UUID anymore. you talk about an environment identifier and the decision how it has to look like. [09:27] TheMue: yes [09:27] TheMue: that's what we need [09:27] rogpeppe: that's a totally different discussion, even it is a fine one :) [09:27] TheMue: a universally unique environment identifier [09:27] rogpeppe: hehe [09:28] rogpeppe: would not have any problem with it. how would you ensure that it "speaks" and is also unique? [09:29] fwereade: what do you say about it? don't use a UUID but an own invention? [09:29] TheMue: "speaks"? [09:30] TheMue: we ensure that it's unique in exactly the same way as you're doing currently - by using random bytes. [09:30] TheMue, is there some problem with using a string representation of a UUID as you've already implemented it? [09:30] rogpeppe: yeah, i don't have a better word. just a direct translation. ;) an identifier that contains useful informations. [09:31] fwereade: see my comments above. i think it would be nice if our environment identifiers at least identified themselves as environments [09:31] fwereade: please see the discussion above. not technologically, but rogpeppe correctly mentioned, that a regular one doesn't contain helpful informations. [09:32] fwereade: BTW it would be wrong, i think to use the UUID as the key in the environment collection. [09:33] rogpeppe, TheMue: (1) we need to supply JUJU_ENV_UUID (2) if we're calling it a UUID, we should make it resemble one (3) it's convenient to represent it as a string, both in the data layer and when communicating it to hooks (4) make it a string :) [09:33] (5) that came from a UUID in the "standard" way [09:33] (6) unless there's some concern about ambiguity [09:33] rogpeppe, expand please [09:34] fwereade: it means that only way to find out the uuid is by listing all items in that collection. [09:34] fwereade: which may in the future contain more items [09:34] fwereade: reasonable. where does somebody as a user has a direct contact with it? or is it just a pure technical reference to identify an environment? [09:34] rogpeppe, if it contains more items, you'll be accessing it via an environment-specific state connection, won't you? [09:35] TheMue, some charms want to use it, I'm afraid I don't know the detailed use case [09:35] fwereade: it seems odd to use a key that you can't know in advance. [09:35] TheMue, also, landscape wants to be able to identify environments [09:36] fwereade: ok, and today it is a v4 uuid (in th epy code). [09:36] TheMue, and that is a fine thing, and it's convenient to represent it as a string in our case [09:36] TheMue, do they not store it as a string in python? [09:36] TheMue, *surely* that's the convenient representation for yaml-in-zk? [09:37] i think a string is the right representation, and leaves us open to changing the representation easily in the future if we should choose to do so [09:37] fwereade: have to look, the generate it with an external package imho. [09:37] TheMue, python is irrelevant really anyway [09:37] fwereade: i think an "environment uuid" can reasonably look different from other kinds of uuid [09:38] fwereade: i'm thinking of places where we've got something as-yet-to-be-invented that's dealing with lots of environments [09:38] fwereade: but i have no problem with the uuid as string, i'm only coming from a world where the types are used as long as possible and the conversion into a representation (string, xml, json etc) is done when needed. ;) [09:39] fwereade: and that an env-uuid would be a very useful thing to see in log files. [09:39] TheMue, ISTM that we are doing it when needed ;) [09:40] fwereade: due to database client reasons, but ok. :D [09:40] fwereade: it's really an *environment id* we're talking about here [09:40] rogpeppe, agreed -- but the UUID is unique, and no other aspect of an environment necessarily is [09:40] fwereade: which we need to be globally unique [09:40] fwereade: eh, btw, as slice there's no problem. really strange. [09:40] TheMue: your Copy and Raw code is a bit dubious BTW [09:41] TheMue: both of them do exactly the same thing [09:41] rogpeppe, if we're dealing with lots of environments, we'll be identifying them by uuid [09:41] rogpeppe, surely? [09:41] fwereade: yes, but if there are lots of uuids flying around, it would be nice to know which ones refer to juju environments [09:42] fwereade: surely what? [09:42] rogpeppe: only different return types. [09:42] TheMue: Copy is redundant. [09:42] TheMue: uuid1 := uuid [09:42] TheMue: does the same [09:42] rogpeppe, ha, hadn't spotted that [09:42] TheMue: Raw can be just return [16]byte(uuid) [09:43] rogpeppe: came from a uuid being a slice first and indeed has to be changed, yes. thanks. [09:43] rogpeppe, TheMue: weren't we just going to drop the type and return a string? [09:43] fwereade: yeah, just saying for future reference. [09:44] rogpeppe, TheMue: heh, I didn't know you could just "cat /proc/sys/kernel/random/uuid" [09:44] fwereade: any problem with keeping the type but adding a function NewUUIDString() string? [09:44] i'd prefer to see something like juju-24e5f46753 [09:44] fwereade: cool [09:44] fwereade: there are many ways. [09:45] fwereade: that's a bit bigger than our 16 bytes :-) [09:45] rogpeppe, what sort of context are you concerned about? [09:45] rogpeppe: how would the juju-prefix help? [09:45] TheMue: it would say "this string of random hex bytes means something in the context of juju" [09:46] rogpeppe, huh? it just gives you a string representation, like we're discussing [09:46] rogpeppe, I don't see the use case there [09:46] * TheMue neither [09:46] fwereade: we're talking about a name for something [09:46] fwereade: it's nice if names have some meaningful information in them, i think [09:47] rogpeppe: no, the name is the name, the uuid is simply an identifier. [09:47] rogpeppe, what TheMue says [09:47] TheMue: what is an identifier if not a name? [09:47] rogpeppe, I don't want to denormalize name out into the uuid -- what if names become changeable? [09:48] rogpeppe, a name is a property of an environment identifies by a UUID [09:48] rogpeppe: it's a simple reference for something identifying it in a given context and not especially used by human beings. [09:48] fwereade: we already use the name as a key into the user's environment [09:48] TheMue: human beings will see these things all the time [09:49] rogpeppe: they will see the name of the environment, not the id [09:49] fwereade: i think there are probably sound reasons for not including the environment name actually (in particular it's nice to have a fixed-length key) [09:50] fwereade: but i still think our string representation should identify itself as a juju environment identifier [09:50] rogpeppe, yeah, and using plainly non-unique things as keys is rarely very sensible, it's going to be a problem for us [09:50] fwereade: it's a level of sanity checking apart from anything else [09:51] fwereade: it's only part of a key. uuids often contain non-unique sequence numbers too [09:51] rogpeppe, obviously not every bit of a uuid has a unique value :/ [09:51] rogpeppe, look, it's a UUID [09:51] fwereade: indeed. [09:51] rogpeppe, a UUID looks like X [09:51] * TheMue just references http://en.wikipedia.org/wiki/Universally_unique_identifier [09:52] rogpeppe, not like juju-X [09:52] rogpeppe, I'm not going to tell people "we decided to improve on UUIDs" [09:52] rogpeppe, even if they need improvement, now is not the time [09:53] fwereade: it's not "improving on". it's adding some more information so we can easily say "this cannot possibly be a juju uuid" [09:53] fwereade: there is absolutely nothing special about a UUID [09:53] rogpeppe: where do you expect we need to answer this question? [09:53] TheMue: UUIDs come from outside. whenever they do, we ask this question. [09:54] rogpeppe, why do we care about the answer? [09:54] rogpeppe: where do they come from outside? [09:54] rogpeppe, "here's the env" or "env not found" [09:54] fwereade: or "bogus environment identifier" - would be more helpful. [09:55] rogpeppe: if the code asks the db "hey, i wonna have the env with the id 1234" and it finds it it's ok. [09:55] fwereade: if UUIDs were so special, there wouldn't be so many different versions of them. [09:55] rogpeppe, how so? who to? in what way does it pay for 3 engineers at $X/hr when there's a clear implementation out there already that we can just match? [09:55] rogpeppe: only 5 [09:55] rogpeppe, so, you're saying we should improve on them... [09:56] fwereade: i'm saying they're just 16 random bytes in hex. job done. [09:56] rogpeppe: and those 5 version differen in the way they are generated [09:56] rogpeppe: nothing else [09:56] TheMue: and in their string representations [09:56] rogpeppe: that may be identifiers, but they aren't uuids. [09:56] TheMue: why not? [09:57] TheMue: they're ids and they're universally unique. [09:57] rogpeppe, that is not the same thing as a UUID [09:57] rogpeppe: there is only one standard in represent those 16 octets as string, no more [09:57] rogpeppe, we need a UUID [09:57] looking for a second review on https://codereview.appspot.com/8247045/ [09:57] rogpeppe, that is what we will be implementing [09:58] rogpeppe, not an I-decided-this-was-better-than-a-UUID [09:58] fwereade: +1 [09:58] fwereade: it's trivially *exactly the same* as a UUID [09:58] rogpeppe, the bikeshade is puce, and I'm sticking to it [09:58] rogpeppe, words have meanings [09:58] rogpeppe: not the same, only similar [09:59] rogpeppe: and JUJ_ENV_UUID contains the term UUID where people expect it to be one [09:59] * rogpeppe never understood why the form of a set of random bytes mattered [10:00] rogpeppe: maybe due to parsing something expected [10:00] dimitern: it's a string... [10:00] rogpeppe: you're discussing a design decision has been done a long time ago. would the variable has been introduced as JUJU_ENV_ID it would be more open. [10:00] rogpeppe: but the decision has already been made. [10:01] rogpeppe: btw and easy quick review? https://codereview.appspot.com/8247045/ [10:01] dimitern: i'll swap you https://codereview.appspot.com/8510043/ [10:01] rogpeppe: already did yours ;) [10:02] * rogpeppe refreshes his mail and sees it [10:02] dimitern: ta! [10:03] dimitern: "what happens if somehow an invalid value ends up here?" [10:03] dimitern: isn't it just the same as it was before? [10:04] dimitern: i'm not sure i see how things are any different now. [10:04] rogpeppe: well, before Status was typed, now it isn't [10:04] dimitern: i don't think that makes any difference [10:04] dimitern: each one could be read into the other before, as now [10:05] rogpeppe: it does until you cast it explictly i guess [10:05] dimitern: if you used a machine id to fetch a unit status doc before, you'd get exactly the same results as you get now [10:05] rogpeppe: but anyway it's internally accessible only, so it'll be all right [10:05] dimitern: yeah [10:06] dimitern: we do no checking of valid statuses currently [10:06] dimitern: anyone could do m.SetStatus("fdvdsfvfdsvfdsv", "") [10:06] dimitern: with no repercussions [10:07] rogpeppe: not sure - it must be params.MachineStatus value, isn't it? [10:07] dimitern: no [10:07] dimitern: a constant string is assignable to a typed string [10:07] dimitern: you even do it yourself [10:07] rogpeppe: ha! didn't know that [10:07] dimitern: in Status you return "" for MachineStatus [10:08] dimitern: constants in Go are untyped [10:08] rogpeppe: :) cool, point taken [10:21] can someone tell what do I need to setup to run ec2 live tests? [10:23] heya, anybody seen this problem with juju-core and golang from raring: http://pastebin.ubuntu.com/5688989/? I am sure I am doing something wrong, but I wonder what (and I couldn't find any reference web page for the package net/http/cookiejar) [10:24] dimitern: just source your ec2 creds and run in the environ/ec2 dir with -live I think [10:24] though you may also have some other flags now as well [10:24] mgz: I don't have the same creds file as novarc for canonistack [10:25] danilos: you need to call "go build ./..." and then possibly "go test ./..." (note the dot and the slash) [10:25] dimitern, ah, lovely syntax, thanks :) [10:26] you don't? I'm pretty sure john or I emailed you the bzr creds [10:30] mgz: ha! let me look [10:30] look for gpg encrypted junk :) [10:32] mgz: can't seem to find them; anyway I just created an account with aws anyway [10:33] mgz: is there a wiki page with a similar setup for ec2, like for canonistack? [10:33] there's a docs page [10:34] but, I didn't re-edit the ec2 one, so it might not be as useful as the openstack one.... but you should work it out [10:34] I think there's a wrinkle with juju-core in that it doesn't look for the ecuatools form of the envvars [10:36] so do I need anything else beside AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars? [10:37] ...I really want to have a session with evilnick at some point about what we need to make the docs sane for juju-core [10:38] dimitern: only the other normal bits. you can set some things like the region to something other than us east in your environment if you want [10:39] mgz: ok [10:41] dimitern: you have a review https://codereview.appspot.com/8247045/ [10:41] rogpeppe: cheers! [10:41] fwereade: any chance of a second opinion? https://codereview.appspot.com/8510043/ [10:52] rogpeppe: any idea why i'm getting this error http://paste.ubuntu.com/5689043/ while running the ec2 live tests? [10:54] dimitern: are you getting it every time? [10:55] rogpeppe: that was the first run, but then I got "your account is being verified for the next 2h...", weird though - some tests pass, I can see instances running in the dashboard [10:55] rogpeppe: will try later, I just registered the account 30m ago [10:55] dimitern: with this kind of problem, i recommend ssh'ing to the machine as it's bootstrapping (as soon as the test logging prints its DNS name) and tail -f the cloud-init-output.log on the machine [10:56] rogpeppe: will do, thanks [10:56] dimitern: it looks like you've started the machine ok, but the mongo init has failed [10:57] bigjools, (or anyone else): are you still seeing SSL issues with the MongoDB in raring? I upload 2.2.4 on Friday which contained some SSL related fixes [10:57] rogpeppe: maybe it's something related to the account being not fully verified yet [10:57] dimitern: there is a race between the connecting client and the init process, but the code logic *should* deal with that [10:57] dimitern: i don't see anything ec2-related there [10:57] dimitern: unauthorizedError comes from mongo, i think [10:57] rogpeppe: I didn't paste the whole thing [10:58] dimitern: it managed to make the connection to the mongo on the new machine [10:58] dimitern: which indicates that your ec2 credentials worked fine [10:58] rogpeppe: that error was reported a few times: http://paste.ubuntu.com/5689057/ [10:58] dimitern: that's different [11:00] probably only 1 instance at a time is allowed during these 2h [11:00] dimitern: perhaps [11:00] dimitern: i don't think your problem that you pasted first is to do with that though [11:00] lunchtime [11:01] dimitern: have you still got an instance running from that account? [11:01] rogpeppe: how can I pause the test to inspect the log before it shuts down the instance/ [11:01] rogpeppe: not anymore after the tests [11:01] dimitern: i generally ssh in while the test is running [11:01] dimitern: so you can see the log as it's being produced [11:02] dimitern: alternatively, just ^C the test [11:02] rogpeppe: I'll try just that test again, while sshing [11:02] dimitern: good plan [11:02] dimitern: one other thing [11:02] FAIL: live_test.go:136: LiveTests.TestInstanceGroups - that's the one [11:02] dimitern: i'd add a log statement [11:02] dimitern: in juju.NewConn [11:03] dimitern: after the "if state.IsUnauthorizedError" test [11:03] dimitern: so that we can be sure that logic is being triggered [11:03] dimitern: (if it gets an unauthorized error, it should continue trying to connect for a minute) [11:04] dimitern: and i recommend running only TestBootstrapAndDeploy to start with [11:04] rogpeppe: now it passed [11:04] rogpeppe: ok, I'll add the log stmt [11:05] dimitern: i don't think TestInstanceGroups was the one that failed for you, BTW [11:05] rogpeppe: but for the bootstrap+deploy to work, i need to be able to run more than 1 instance, right? [11:05] dimitern: yeah, but you'll see that error when it tries to initially connect to the state [11:08] rogpeppe: add log.Warningf("juju: unauthorized error while connecting to state server; retrying") ? [11:08] dimitern: sounds good [11:08] rogpeppe: in the "if IsUnauth()" block? [11:08] dimitern: actually, i think it's more a Notice [11:08] dimitern: because it can happen in the normal course of events [11:09] dimitern: yeah [11:11] dimitern: i'm just wondering about name of the newly factored-out allWatcher [11:11] dimitern: it's no longer inherently an all-watcher - it just watches a collection of stuff [11:11] dimitern: i'm wondering about "combiWatcher" as a name [11:11] fwereade: thoughts? ^ [11:12] rogpeppe: combinedWatcher? [11:12] * fwereade reads back [11:12] dimitern: i'd really like something shorter [11:13] fwereade: i've factored the allWatcher code into its own package [11:13] rogpeppe, maybe multiWatcher? [11:13] fwereade: i wondered about that [11:13] rogpeppe, panopticon ;) [11:13] rogpeppe, (ok, not "pan") [11:13] fwereade: but several other things are actually "multi-watchers" [11:13] rogpeppe: bootstrap and deploy failed again, this time the notice is there [11:13] dimitern: did you ssh to the instance when it was bootstrapping? [11:14] rogpeppe, no more so than other things are combi-watchers, surely? [11:14] fwereade: yeah, i was thinking that [11:14] rogpeppe: no, because i'm figuring out how to setup my .ssh/config to allow me to use my newly generated keypair [11:14] dimitern: i do: ssh -i $home/.ec2/rog.pem ubuntu@$1 [11:15] dimitern: in a script that i call "ec2ssh" [11:15] dimitern: is this against trunk? [11:15] dimitern, just `ssh ubuntu@` seems to work for me, I just have a standard id_rsa in ~/.ssh [11:16] fwereade: it depends if you generated an ssh key pair or not [11:16] rogpeppe, it was to having done that that I was alluding [11:17] I added Host *.amazonaws.com + the key [11:17] fwereade: ah yes, that will probably work with the usual authorized keys logic [11:23] rogpeppe: ssh-ing and tailing cloud-init-output.log shows no errors (just host key generated; cloudinit finished) [11:23] dimitern: hmm [11:24] running again [11:24] dimitern: can you bootstrap and run status ok? [11:24] dimitern: could you paste the log of the test run? [11:26] still running [11:26] dimitern: i mean the one that just failed [11:27] fwereade: i'm also looking for another name [11:27] fwereade: there are two types exported by multiwatcher [11:27] fwereade: one is the actual watcher used by clients [11:28] fwereade: which was called StateWatcher, but now is (provisionally) multiwatcher.Watcher [11:28] fwereade: the other is the type that's shared between several Watcher instances, that holds the record of everything that's currently around [11:29] fwereade: it's only there to be used by state [11:29] fwereade: i'm thinking multiwatcher.Store [11:29] fwereade: but i dunno [11:29] rogpeppe: cloud-init-output.log: http://paste.ubuntu.com/5689114/ [11:29] rogpeppe: test log: http://paste.ubuntu.com/5689116/ [11:29] rogpeppe: that's the one [11:30] rogpeppe, Store sgtm [11:30] dimitern: ah, so it did fail [11:30] dimitern: see line 131 of the cloud-init output [11:30] dimitern: it failed to download the tools [11:31] rogpeppe: yeah, I saw that - when I was tailing it before it was too late probably [11:31] dimitern: perhaps you're not authorized to push to s3 [11:32] rogpeppe: could be, that's why I'll try in an hour or so, after verification [11:32] dimitern: i'd be interested in exploring this failure mode actually [11:33] dimitern, fwereade: i wonder if we shouldn't pipeline wget straight into tar xz [11:34] we should probably download the tools, check the sha1sum and *then* untar them [11:35] rogpeppe, +1 in spirit although I would prefer that they were actually signed [11:35] fwereade: what would signing give us that an sha1sum doesn't? [11:35] fwereade: (after all, signing is usually just signing a hash of the content anyway, right?) [11:36] rogpeppe, requires compromise of the actual key used to sign, rather than just compromise of the hash and binary delivery channels [11:37] fwereade: really? [11:37] rogpeppe, isn't that the difference? what it takes to fake it? [11:37] fwereade: isn't the key delivered through the same channel? [11:37] fwereade: if someone can compromise your cloudinit, it doesn't matter what key you used to sign [11:38] rogpeppe, I'm just talking about how the binaries/hashes get to juju [11:38] fwereade: yeah - through cloudinit, right? [11:38] fwereade: well, the hashes anyway [11:39] fwereade: i think we have no choice but to trust the integrity of the cloud-init script [11:39] rogpeppe, I wasn't concerned about cloud-init [11:39] fwereade: in which case, a secure hash is as good as a signed binary, i think [11:39] fwereade: it's a different matter for the mongo binary though [11:39] rogpeppe, who generates the hash, and how do we trust them? [11:40] fwereade: Bootstrap generates the hash [11:40] fwereade: ah... doh! [11:40] fwereade: public tools, sorry [11:40] fwereade: i was thinking of upload-tools [11:40] rogpeppe, yeah, I had the same realisation just now [11:40] fwereade: yeah, we need signing [11:41] fwereade: and for the public key to be embedded in the juju source. [11:41] rogpeppe, exactly [11:41] rogpeppe, ah, hmm [11:41] fwereade: well, possibly with an override [11:42] rogpeppe, we can't let a potentially-evil binary verify its own integrity [11:43] fwereade: i'm sure there's any alternative [11:43] rogpeppe, the pubkey goes in the client, pushed up to cloudinit, verify signature of downloaded tools inside cloudinit [11:43] rogpeppe, untrusted client = game over anyway [11:43] fwereade: exactly [11:44] fwereade: we do need an override though, so that sync-tools can work [11:44] sync-tools --public, that is [11:44] rogpeppe, upload-tools? [11:44] fwereade: that too [11:44] rogpeppe, for sync-tools they're just the same files in a different location, though, right? [11:45] rogpeppe, upload-tools involves either overriding or just disabling the checks in development mode [11:45] rogpeppe, however I would rather have the override just so we're always exercising that code path [11:51] fwereade: sync-tools --public is different, because other juju environments will use that public bucket [11:51] rogpeppe, I'm not following [11:51] fwereade: so we need to provide a env config way of specifying the tools/mongo(/either?) public key, i think [11:52] rogpeppe, I agree that's the way to do it [11:52] fwereade: bootstrap --upload-tools is {generate key; generate binaries; upload binaries signed with new key; bootstrap with cloudinit holding new key} [11:53] fwereade: normal bootstrap is {get key from somewhere (defaulting to our public key); bootstrap with cloudinit holding that key} [11:53] rogpeppe, yeah, sgtm [11:53] s/somewhere/environment config/ [11:53] rogpeppe, yep [11:54] fwereade: i guess we want to allow sync-tools to generate a key too [12:05] fwereade: have we got any good starter bugs for danilo in juju-core? === gary_poster|away is now known as gary_poster [12:14] mgz, ooh, let me take a look, just a sec [12:16] mgz, hmm, how about keyauth support for goose? you'd know better than I [12:16] mgz, it's the card that looks most obviously bitesize to me [12:17] ah, that would be good [12:18] mgz, alternatively, if he wants to hit core, then "hook execution serialization" might be a good one -- it should be relatively simple code in a single location [12:18] danilo: bug 1135335 [12:18] <_mup_> Bug #1135335: Keyauth support not available for Openstack providers < https://launchpad.net/bugs/1135335 > [12:18] danilos, sorry, don;t know why I'm talking about you instead of to you [12:18] fwereade, hi, let me read up :) [12:18] danilos, keyauth for openstack is probably better because it demands a bit less context, I think [12:20] mgz, fwereade: ok, I'll start with the keyauth and then after I am done I'll take a look at hook execution serialization (I assume that's bug 1121968) [12:20] <_mup_> Bug #1121968: hook serialization per-system < https://launchpad.net/bugs/1121968 > [12:20] danilos, perfect, thanks [12:21] danilos, I'm going to eat in a mo but feel free to ping me if yu have any questions, I shouldn't be long [12:21] so, the trick with keyauth is to look at the current docs, and python implementation, then fixup the goose code [12:21] https://juju.ubuntu.com/docs/provider-configuration-openstack.html [12:21] fwereade, thanks, sounds good [12:22] lp:juju juju/provider/openstack/credentials.py and ./client.py and tests [12:23] then lp:goose identity/ [12:23] danilos, incidentally, before you do work on core, you might find it helpful to read the developer docs (most of the doc/ dir) [12:23] I'm happy to be bugged with questions or pair if you'd find that helpful [12:23] fwereade, yeah, started on that already, thanks [12:24] and yeah, the docs directory in juju-core is very useful for background on the design and implementation [12:24] danilos, and I would be most grateful for criticisms from your POV, if there's anything unclear [12:24] mgz, sure, I'll take a look around first and will ping you as needed [12:25] fwereade, ack [12:30] fwereade: another ping [12:34] fwereade: updated https://codereview.appspot.com/8429044/ PTAL [12:34] rogpeppe: also you please? ^^ [12:36] dimitern: MachineNonce, my translator tells me that a nonce is a paedophile. i hope there are other meanings too. ;) [12:37] TheMue: :D - see here http://en.wikipedia.org/wiki/Cryptographic_nonce [12:37] * dimitern bbi30m [12:38] dimitern: ah, not http://en.wikipedia.org/wiki/Nonce_(slang) [12:42] dimitern: why do we need a special value for the bootstrap nonce? [12:43] TheMue: that's new to me. the other meaning i know for nonce is "homosexual". === teknico_ is now known as teknico [12:45] rogpeppe: reminds me of the Mitsubishi Pajero, a word with a special meaning in South America :) [12:46] rogpeppe: always interesting when terms have so different or multiple meanings [12:46] dimitern: you have a review === marcoceppi_ is now known as marcoceppi [13:19] * dimitern is back [13:19] rogpeppe: tyvm [13:20] rogpeppe: because it's not generated by the provisioner [13:21] fwereade: ping [13:21] dimitern, pong [13:21] fwereade: https://codereview.appspot.com/8429044/ :) [13:21] dimitern, cool [13:21] dimitern: that's true, but i'm not sure i see what it needs to be a particular special value [13:22] rogpeppe: well, it has to have some value, and it's already special, so why not? [13:23] dimitern: giving it a special constant makes it seems like it *has* to be that value [13:24] rogpeppe: i don't understand what's your point, sorry, expand a bit more on why this is a bad idea? [13:24] dimitern: i'm not sure it is. [13:24] fwereade: a ping by me too ;) [13:25] rogpeppe: what you rather have there instead? [13:25] dimitern: i'd probably just have the provisioners pass in "" [13:26] rogpeppe, it does have to be that value [13:27] rogpeppe: the provisioner will never see that [13:27] rogpeppe: it'll be already there at bootstrap time [13:27] dimitern: oops, i meant the provider [13:27] fwereade: oh? [13:27] rogpeppe, that will be done in jujud bootstrap-state, I think, by passing it into InjectMachine (IIRC)? [13:28] rogpeppe: ah, well I don't like "", it could be generated at bootstrap time, like in the provisioner though, so it's not fixed [13:28] dimitern: i don't think that would help [13:28] dimitern, I don't think there's much payoff to making it configurable [13:28] fwereade: may i reserve the next ping-timeslot? ;) [13:29] TheMue, sorry, pong [13:29] * rogpeppe quite likes the zero value as a default [13:29] fwereade: hehe [13:29] fwereade: e'thing is now green, only one thing is open [13:29] rogpeppe: well, what's not to like about "user-admin:bootstrap" ? :) [13:29] dimitern: it makes it look like there's more structure there than there actually is [13:29] fwereade: i changed the operation order when creating the env and co after Dimiters review. [13:30] TheMue, yeah, you changed it the wrong way, it was right before [13:30] rogpeppe: that's because you don't yet know the format what the PA will generate [13:30] fwereade: you say that this order is wrong. could you explain why and which kind of error you expect here? [13:30] TheMue, if a settings document exists without a matching entity, no big deal [13:31] rogpeppe: it'll be similar "machine-: [13:31] dimitern: why not just a uuid? :-) [13:31] I can't bootstrap, I'm getting "error: cannot log in to admin database: auth fails" [13:31] rogpeppe, because the story is not specified to require a UUID? [13:32] rogpeppe: it's too heavy perhaps.. [13:32] fwereade: but doesn't the txn ensures that all is created or nothing? [13:32] fwereade: i'd have thought that just a random hex token would be enough [13:32] fwereade: but if we think we want an extra prefix, then who am i to argue? :-) [13:32] rogpeppe: it has to be unique across the environment [13:32] dimitern: sure. that's what randomness gives you. [13:33] TheMue, yes, but with some subtleties [13:33] rogpeppe: so even a counter should do [13:33] I have run go get -u launchpad.net/... and done a build -a ./... and still have the problem. I have also switched S3 buckets (which has fixes similar issues in the past) [13:33] dimitern: sure. [13:34] TheMue, txn execution might be interrupted and not resumed for a while [13:34] fwereade: ok, that's an argument [13:34] benji: ec2? [13:34] TheMue, we would like to use the existence of the entity documents as guarantees that certain other documents exist [13:34] dimitern: yep [13:34] dimitern: i just like the simplicity of "bootstrap" - it suggests a simple starting point. [13:34] * TheMue likes real dbms transactions ;) [13:34] benji: I had the same issue - are you using a newly created ec2 account? [13:34] * fwereade has become quite fond of mgo/txn [13:35] fwereade: so the order is constraints, settings, environment [13:35] nope; this one has been active for a few years [13:35] dimitern: and it's a really special value, so it doesn't matter that it's a different format. in fact that might even be better. [13:35] dimitern: anyway, i don't wanna push any more. i just wanted to raise the question. [13:35] TheMue, there's no relationship between constraints and settings, but both must come before the environment doc itself [13:35] fwereade: ok, then the CL will flow in in a few seconds [13:35] rogpeppe: well, I think we should keep it simple and use a const, what exact value to choose doesn't bother me that much [13:36] fwereade: perhaps you can chip in on your idea behind "user-admin:bootstrap" meaning? [13:36] benji, would you try pointing your public-bucket to an empty one? [13:37] fwereade: control-bucket? [13:37] fwereade: I had the same issue earlier, with a new bucket (well, haven't created it, just picked juju-askfjasljgfjgljfg) [13:38] benji, public-bucket [13:38] but I did set control-bucket, no public [13:38] fwereade: I don't have a config setting with that name. Should I add one? [13:38] benji, actually, simpler: would you check the current version number in version/version.go? [13:39] fwereade: const version = "1.9.14" [13:40] benji, if you were to add one we could eliminate the possibility of inappropriate tools being picked up for some reason [13:40] fwereade, rogpeppe: I got it - bootstrap nonce is badged with the tag of the responsible entity [13:40] fwereade: will do [13:40] benji, we have surprising fallback behaviour across buckets that I'm working on [13:40] benji, it's not certain to be the cause but at least it eliminates one avenue of ugliness [13:46] fwereade: do I need to make that bucket public in S3? [13:46] benji, not at all [13:46] k [13:46] benji, it defaults to "juju-dist" and gets the released tools [13:47] benji, but if you point it somewhere empty, it'll work fine so long as you have sensible tools in the control-bucket [13:47] benji, (well, maybe it will: there may be more going on, but that's how to get a definitely-clean environment) [13:48] fwereade: I'm bootstrapping now with new public and control buckets [13:48] benji, thanks -- if it's weird again, please paste me /var/log/cloud-init-output.log [13:49] k [13:49] Sh**, forgot to remove a comment. [13:49] fwereade: here's an interesting thing [13:49] fwereade: the API server does need to use JujuHomePath [13:49] fwereade: because it gets charms [13:49] fwereade: and therefore needs a charm cache [13:50] fwereade: and that's how the charm cache works [13:50] rogpeppe, that's an argument for parameterising the charm cache, I think [13:50] fwereade: perhaps we should divorce the charm cache from JUJU_HOME [13:50] rogpeppe, +1 [13:52] dimitern: here's your allwatcher refactoring branch. it's a lot of lines but no logic changes: https://codereview.appspot.com/8458044/ [13:53] rogpeppe: cheers, will look shortly [13:53] dimitern: thanks [13:53] * dimitern hates this error already! => 2013/04/08 15:53:59 ERROR JUJU:juju:status state: connection failed, paused for 2s: dial tcp 23.21.7.175:37017: connection refused [13:53] it's arguably even an error [13:55] so, practically I cannot do anything live on ec2, because there are no charms for quantal and no tools can be found without --upload-tools (or they fail to unpack during cloudinit) [13:58] dimitern: yup [13:58] dimitern: you can always download charms and rename them to quantal :-) [13:58] dimitern: it's not an error [13:58] I had to resort to juju deploy cs:~charmers/quantal/glance-4 as the easiest :) [13:58] dimitern: it's a Notice [13:59] dimitern: oh, hold on! [13:59] dimitern: you can use fake-tools [13:59] dimitern: or whatever it's called [13:59] rogpeppe: eh? [13:59] rogpeppe: --upload-tools --fake-tools ? [14:00] dimitern: juju bootstrap --upload-tools -fake-series precise [14:00] dimitern: it's in trunk [14:00] fwereade: the help message should say that the series are comma-separate (assuming they are) [14:00] Hullah [14:01] niemeyer: yo! [14:01] niemeyer: good news, eh?! [14:01] rogpeppe: indeed! [14:01] rogpeppe: cool, i'll try that next [14:01] niemeyer: hopefully it'll be ultra-stable now :-) [14:02] rogpeppe: Let's hope so :) [14:02] mramm: you around? [14:03] * dimitern yes! fake_nonce and provisioner works still [14:05] fwereade: same error; however, I don't see my new public bucket listed in S3; is the config setting simply "public-bucket" under the environment name? like so: [14:05] environments: [14:05] ec2: [14:05] type: ec2 [14:05] public-bucket: foo [14:06] benji, yeah [14:06] I wonder why it isn't listed in s3 then [14:06] * dimitern lunch, finally [14:06] benji, ok, I guess that wasn't it [14:06] benji, we don't try to create it [14:07] oh! I'll create it and try again [14:07] rogpeppe, offhand, will we list an empty bucket without error? I *think* we do [14:07] fwereade: i think so too [14:07] benji, that shouldn't matter [14:08] rogpeppe, I have been up to the elbows in a not-quite-up-to-date branch, haven't actually run tip lately [14:08] rogpeppe, have you? [14:08] fwereade: i think so. [14:08] fwereade: actually, maybe not [14:08] fwereade: i'll check again [14:09] fwereade: it does create it, just tried [14:09] dimitern, all the better then [14:10] where do all the charm files in a unit get installed under juju-core? In pyju it was /var/juju/.... [14:16] fwereade: I get the same error with a newly-created public-bucket [14:17] benji, sorry, I clearly didn't communicate that it wouldn't make any difference -- would you paste me cloud-init-output.log please? [14:17] fwereade: you communicated fine; I tried it anyway ;) [14:22] fwereade: Hi… in MAAS we don't have a shared storage to upload the tools once and for all… would it be reasonnable to get the provider to always upload the tools as part of the Bootstrap process? [14:23] rvba, I'd recommend that people sync-tools before bootstrap [14:23] mattyw, ^^ I'm an idiot :( [14:23] fwereade: so we don't do anything special in the provider itself, but we encourage people to use 'juju --upload-tools' ? [14:24] rvba, I'd prefer to avoid that [14:25] fwereade: you mean avoid uploading the tools in the provider when Bootstrap() is called? [14:25] rvba, jam recently added the juju sync-tools command [14:26] Ok, seems sane to me to keep the providers as similar as possible. [14:26] rvba, if you have ec2 credentials in your env it will copy the latest ones form the official juju-dist bucket [14:27] rvba, it's an extra step but not too painful [14:27] rvba, I hope [14:27] fwereade: sounds good to me. [14:27] I'll cleanup the MAAS' provider code now. [14:27] fwereade: thanks! [14:38] rogpeppe, ping? [14:47] fwereade: I had to re-bootstrap so it took a while, but now I am confused as to how to fetch cloud-init-output.log if I can't ssh into the machine [14:47] benji, can you not just ssh ubuntu@dns-name? [14:48] fwereade: I'll try that [14:51] fwereade: https://pastebin.canonical.com/88664/ [14:54] benji, hmm, how about /var/lib/juju/... um, poke around for an agent.conf somewhere inside a dir called "bootstrap"? [14:54] mattyw: pong [14:54] mattyw: (sorry, was in a call) [14:55] rogpeppe, no problem? can I borrow you in cloud-green? [14:55] mattyw: sure [14:55] fwereade: /var/lib/juju/agents/machine-0/agent.conf perhaps? [15:38] benji, damn, sorry, I got completely distracted by test failures [15:39] benji, I *think* there should be another one for bootstrap stuff [15:39] rogpeppe, can you confirm how that one works ^^ [15:39] fwereade: sorry, how what works? [15:39] failing tests can have that effect on people :) [15:40] rogpeppe, the agent conf for bootstrap-state [15:40] rogpeppe, does it get it by pretending to be an agent called "bootstrap" or something? [15:40] fwereade: something like that, yes [15:40] fwereade: and the agent conf gets removed immediately [15:40] fwereade: I have completely rebuilt the world (as best I understand how in go) and it seems to be working now. [15:40] fwereade: after bootstrap-state has run [15:41] boundless confidence [15:41] rogpeppe, ah, ok -- funny, it seemed like benji was seeing bootstrap-state falling over [15:41] fwereade: it's a very short-lived agent :-) [15:41] rogpeppe, I'd expect the conf to be somewhere still around [15:41] fwereade: no, i'm fairly sure it gets removed after use [15:41] rogpeppe, that's a bit annoying if it happens even on failure [15:42] benji, heh :( [15:42] fwereade: yeah. tbh, we should probably do a set -e at the top of cloudinit [15:42] benji, my current intention is not to leave this desk until I have sane tools [15:42] fwereade: i've thought that a few times before but never actually done it [15:42] I'm getting a failure on CmdSuite.TestDestroyEnvironmentCommand [15:42] Is that known? [15:43] niemeyer, no, I don't think so; bug please :) [15:43] [LOG] 51.40394 DEBUG api: <- error: read tcp 127.0.0.1:59023: use of closed network connection [15:43] [LOG] 51.40395 ERROR api: error receiving request: read tcp 127.0.0.1:59023: use of closed network connection [15:43] [LOG] 51.41987 ERROR rpc: client protocol error: unexpected EOF [15:43] fwereade: Cool [15:43] fwereade: stay hydrated [15:43] niemeyer, it's usually the bit just above that's important [15:43] benji, cheers :) [15:44] fwereade: I don't see anything obvious [15:44] niemeyer, but if nothing failed before that rogpeppe will be interested ;) [15:44] he will indeed :-) [15:45] :) [15:45] Opening a ubg [15:45] bug [15:45] Ah, hold on [15:45] ... Panic: unauthorized (PC=0x42ED71) [15:45] niemeyer: trunk tests pass for me [15:46] That's the issue [15:46] niemeyer: that *might* have something to do with it :-) [15:46] /home/niemeyer/src/launchpad.net/juju-core/testing/mgo.go:205 [15:46] in MgoReset [15:46] niemeyer: ah, i think i know what the issue is [15:46] niemeyer: i've been thinking i could put it off, as it didn't seem to raise its head in normal tests [15:47] niemeyer: the problem, i *think*, is that in the tests the API server runs as the same mongo user that the client connects as [15:48] niemeyer: and the client changes its password immediately after connecting [15:48] niemeyer: which invalidates the API server connection [15:49] rogpeppe: I see [15:49] niemeyer: the answer is to have the API server connect as a different user (for instance, by creating machine 0 and setting the mongo password for the machine-0 entity) [15:49] niemeyer: but that buggers up lots of tests [15:49] niemeyer: so i left it on the back burner until i had a bit more time [15:50] rogpeppe: So a race.. okay [15:50] niemeyer: yeah [15:50] niemeyer: i saw the issue when i lowered the state/watcher refresh interval [15:50] fwereade: Done your suggestions [15:50] fwereade: On the publish command [15:51] fwereade: I also ended up just fixing InferURL so it handles the no-series case properly [15:51] niemeyer, lovely, thanks, I'll try to take a look tonight [15:51] niemeyer, <3 [15:51] fwereade: Rather than risking a change in behavior later [15:51] fwereade: Thanks [15:51] niemeyer, yeah, +1 [16:09] fwereade: there's one time that i don't have the _id to hand [16:10] rogpeppe, oh yes? [16:10] fwereade: which is when i fetch everything at the beginning [16:10] fwereade: i guess i'll just duplicate the entity docs to give myself an id [16:11] rogpeppe, can't you just fetch all the other stuff after fetching the entities that use them? [16:12] fwereade: i'd prefer to avoid n round trips [16:12] fwereade: although actually, now you come to mention it [16:13] fwereade: hmm no [16:13] fwereade: we really *should* avoid all those round trips if we can [16:13] fwereade: i guess i'll just leave it as a todo [16:13] rogpeppe, ah! yes, I see... sorry about that then [16:13] rogpeppe, embed the doc in a wrapper with _id? [16:13] rogpeppe, when getting all at once I mean [16:14] fwereade: depends whether bson embedded types work properly or not, i suppose [16:19] fwereade: unfortunately it doesn't work [16:19] rogpeppe, bah [16:20] rogpeppe, very well, do as you must [16:20] fwereade: i'll go with the round trips for now [16:29] Anyone interested in spending me a second LGTM: https://codereview.appspot.com/8322043 [16:31] niemeyer, does http://paste.ubuntu.com/5689862/ look like something you'd know about? [17:00] fwereade: Looking [17:01] fwereade: Hmm [17:02] fwereade: I can see the issue, but I don't know why it's happening [17:02] fwereade: If I run "bzr log -v --long" here [17:02] fwereade: i get stuff like this: bzr/bzr.go bzr.go-20130403210030-zt48wpftmd160ox3-2 [17:03] fwereade: IOW, there's a digest after the filename [17:03] fwereade: The output you're observing doesn't have the digest [17:03] fwereade: It's easy to fix the test by dropping the empty space [17:04] fwereade: Slightly curious about why bzr is showing different results for that, though [17:04] niemeyer, it's what I see when I do `bzr log -v --long` here [17:04] fwereade: It doesn't matter in this specific test, either way [17:04] niemeyer, cool [17:04] fwereade: Right, so it's a mystery why the output string in that test doesn't show it [17:05] fwereade: But again, it doesn't matter.. the test is juts checking that the given file was added [17:05] niemeyer, no, the weird version is what I see [17:05] fwereade: To verify that the commit behavior was basically sane [17:05] niemeyer, yeah -- the other bits of the test look like they do that ok [17:05] fwereade: I suggest just dropping the space, on the basis that we don' care [17:05] don't [17:06] niemeyer, ok, I'll bug it and assign it to myself, I don't want to get myself too distracted :) [17:06] fwereade: Btw, these multiple line outputs are handy.. I haven't seen it working in practice very often :) [17:06] fwereade: I can quickly shoot a one-liner [17:06] fwereade: Hold on [17:07] niemeyer, tyvm [17:07] niemeyer, I've found them pretty hendy in general [17:07] niemeyer, er, handy [17:24] fwereade: https://codereview.appspot.com/8521043/ [17:25] niemeyer, sorry, but I don't see the revision-id in that output [17:26] niemeyer, that's also a (surprising) part of the problem [17:26] fwereade: Oh, indeed.. I missed that [17:26] niemeyer, maybe I have a hideously outdated bzr? [17:26] fwereade: I have no idea then [17:26] fwereade: It looks like --long was ignored entirely [17:26] fwereade: Oh, hold on [17:27] fwereade: I probably mixed the options.. I may some defaults locally.. just a sec [17:27] fwereade: Yep [17:27] fwereade: --show-ids [17:27] fwereade: Can you please run log with --show-ids there and see if it helps? [17:27] niemeyer, bingo [17:28] fwereade: Okay, so.. [17:28] niemeyer, revision-id: fwereade@gmail.com-20130408082602-zu4ypfo9xoexns33 [17:28] fwereade: The test already had --show-ids.. :) === deryck is now known as deryck[afk] [17:28] fwereade: Does it show the id next to the file as well? [17:28] niemeyer, yeah [17:29] fwereade: So there's something funny going on there [17:29] fwereade: Why isn't that working in the test? [17:29] fwereade: It already uses -v --long --show-ids [17:30] niemeyer, oh crap, my branch isn't up to date [17:30] fwereade: Hah. Tim fixed it [17:30] fwereade: Mystery solved [17:30] niemeyer, heh [17:30] niemeyer, thanks, sorry to distract [17:31] fwereade: np [17:38] next CL in pipeline, if anyone cares to have a look: https://codereview.appspot.com/8487044/ === BradCrittenden is now known as bac [18:57] fwereade: ping [19:20] rogpeppe, pong [19:20] fwereade: i just noticed that the testing charm name contained the series, and wondered why [19:20] fwereade: like cs:series/series-wordpress [19:21] fwereade: it looked redundant, but i imagine there's a good reason [19:21] fwereade: it confused me for a while - i thought i'd mucked something up [19:21] rogpeppe, convenience somewhere... possibly getting an easy and unique ident string? [19:21] fwereade: i'd've thought the charm name would be enough [19:22] fwereade: (within the series, of course) [19:22] rogpeppe, IIRC it came up when we were adding series support somewhere [19:22] rogpeppe, exact provenance blurs slightly [19:22] fwereade: yeah, it's quite a recent change, so i thought you might remember [19:23] fwereade: (bzr ascribes credit to you :-]) [19:23] rogpeppe, that's as close as I can get without hunting down the revision [19:23] fwereade: ok, np [20:10] hi rogpeppe, i know its late for you but can i bug you for a second? [20:10] bac: sure [20:11] rogpeppe: cool. so i've had to change one of the API return structs to change one of the existing entry names and to add another field. tests all updated and pass. [20:11] fwereade: if you're still around, i could really do with a second review of https://codereview.appspot.com/8510043/ (i'm about to need it as a second dependency). it's pretty trivial. [20:11] bac: ok [20:11] rogpeppe: i rebuilt and reinstalled everything. multiple times [20:11] bac: ok [20:12] rogpeppe: but when i get the data back on the client side it looks like the old version [20:12] rogpeppe: i've blown away $GOPATH/bin and pkg. rebuilt, reinstalled, killed my S3 bucket [20:12] bac: you are bootstrapping with --upload-tools --fake-series precise, right? [20:12] i'm at wits end [20:12] no [20:12] just --upload-tools [20:12] juju bootstrap --upload-tools [20:12] bac: what series are you deploying from? [20:13] precise [20:13] er, wait [20:13] rogpeppe: my host is quantal. default-series in environments.yaml is precise [20:14] bac: what API field have you changed? [20:14] rogpeppe: ServiceGetResults s [20:15] bac: perhaps you could push the branch, and i'll have a look [20:15] rogpeppe: here's a diff: http://paste.ubuntu.com/5690437/ [20:16] bac: in general though, it's *really* worthwhile bootstrapping with --fake-series precise --upload-tools === deryck[afk] is now known as deryck [20:16] bac: otherwise when you deploy a precise charm, it will fall back to using the old version of the tools [20:16] rogpeppe: i'll try that. it smells environmental [20:16] rogpeppe: ok, but like i said i changed buckets [20:17] bac: yeah, but this is *within* an environment [20:17] rogpeppe: right, but where would it get an old version of the tools if not from the bucket? [20:17] unless i misunderstand [20:17] bac: from the public bucket [20:18] er [20:18] bac: the one that gets used even if you don't use --upload-tools [20:18] oh [20:18] bac: that shouldn't be used on the bootstrap node though [20:19] bac: but will be used on any other nodes that don't match the bootstrapped node's series [20:19] rogpeppe: ok, i'm trying again with fake-seriese [20:19] bac: ok, crossed fingers :-) [20:26] rogpeppe, LGTM [20:26] fwereade: ta! [20:32] rogpeppe: --fake-series worked. thanks. [20:32] bac: yay [20:32] ! [20:32] rogpeppe: is that indicative of a problem that should be investigated? [20:33] bac: no [20:33] bac: it's the solution to a problem that was :-) [20:33] bac: and fwereade is working on a way to make it less easy to muck up that way [20:34] bac: please share in juju-gui the fact that everyone should use --fake-series [20:34] rogpeppe: your comments above made it sound like it shouldn't be required. fine by me...i can proceed! [21:05] * thumper settles down to read email [21:22] thumper, hell, I have not yet done my self-promised email burst today [21:22] :) [21:22] * thumper is replying to the placement thread... [21:35] thumper: hiya [21:35] hi rogpeppe [21:35] rogpeppe: still up I see [21:36] thumper: yeah, trying to unblock the gui folks [21:42] rogpeppe, I'm thinking I really should rename that -- we may be faking it up now, but cross-compiling should not actually be too far out of reach [21:42] fwereade: i'm not sure. it might be an elusive goal unfortunately [21:44] rogpeppe, meh, probably not worth it then [21:44] fwereade: i'd prefer to have a wildcard tools fallback actually [21:44] fwereade: if matching against the series directly fails, try "linux" [21:45] fwereade: then make upload-tools upload to series==linux [21:46] fwereade: i mean, we do have cross-compilation currently *almost* [21:51] rogpeppe, it is just a dev tool anyway, I guess, we can be a bit freer about changing things [21:51] fwereade: yeah [21:53] what is the purpose of the machine nonce? [21:54] thumper, there's a window between provisioning a machine and recording it as provisioned in state [21:55] thumper, if the provisioner goes down in that window, it will start a new machine [21:55] thumper, and we'll end up with two instances running the "same" machine agent [21:56] thumper, the nonce allows the machine agent to be sure that it's the official one before it starts messing around changing passwords and deploying units and stuff [21:56] so what happens when it isn't the official one/ [21:56] ? [21:58] thumper, it stops immediately and waits for the provisioner to reap the instance [21:58] * thumper nods [21:58] * thumper still thinks there is a problem with the hook logger [21:59] rogpeppe: did you want to talk about it, or should I just keep it on the list [21:59] * fwereade is not entirely comfortable with it but doesn't quite have the headspace [21:59] * fwereade will watch conversations with interest though [21:59] thumper: let's talk about it [22:00] rogpeppe: ok, hangout? [22:00] thumper: ok [22:00] it'll make it hard for fwereade to watch :) [22:00] * thumper starts one [22:00] fwereade: feel free to join the fun [22:00] https://plus.google.com/hangouts/_/8078c0dcc36c791886bcd025be7df7b497f49c00?authuser=0&hl=en [22:37] thumper: one little question, if i'm using bzr pipes, can i rename a branch in the pipeline without breaking the pipe links? [22:37] rogpeppe: not really [22:37] thumper: ok, thought so, but thought i'd check. [22:38] thumper: another thing: how can i link an existing branch into a pipeline? [22:38] rogpeppe: add-pipe referencing the existing branch [22:38] thumper: ah, ok [22:46] right that's me done for the day [22:47] i've got quite a few reviews out if anyone cares to look [22:48] g'night all