/srv/irclogs.ubuntu.com/2013/06/03/#juju-dev.txt

=== tasdomas_afk is now known as tasdomas
jamwallyworld: I ended up getting back at a reasonable time if you still want to 1:106:13
wallyworldok, i'll fire up mumble06:14
jamwallyworld: we can hangout instead06:14
jamhttps://plus.google.com/hangouts/_/30081079f3ae053b9ac5eba3f343941780b5776306:14
jamwallyworld: ^ I know how much you just adore mumble06:14
dimiternwallyworld: client-side api stays as in state, as agreed on the last call - we cannot change that now06:18
dimiternwallyworld: it'll require rewritting everything06:18
dimiternwallyworld: but it's a transitional state towards having bulk support on the server06:19
dimiternwallyworld: and eventually the agents can benefit from that (one at a time) when refactored06:19
wallyworlddimitern: we need to discuss. i'm on a call right now. perhaps after standup. the way it is now is fundamentally broken because it is 1. stateful, 2. not connectionless, 3. not service oriented06:22
dimiternwallyworld: none of these 3 things can change in a single CL06:22
dimiternwallyworld: as i said, changing the client-side api needs to happen once the state api itself is changed accordingly06:23
dimiternwallyworld: what's important is to have the api server-side right first, which is what the cl does06:23
dimiternwallyworld: but by all means, another discussion is in order with me, you, fwereade and rogpeppe06:24
TheMuemorning07:19
=== tasdomas is now known as tasdomas_afk
=== tasdomas_afk is now known as tasdomas
fwereademorning gents, I think my irc client may have swallowed it last time I tried to greet you all07:44
dimiternfwereade, TheMue: morning07:52
=== racedo` is now known as racedo
TheMuefwereade, dimitern: heya07:55
fwereadedimitern, TheMue, heyhey07:57
fwereadedimitern, wallyworld, we should all talk sometime soon07:57
dimiternfwereade: yep, sgtm07:57
dimiternfwereade: i have 1-1 with jam at 11, maybe after that, before the standup?07:57
fwereadedimitern, sure, if that works for wallyworld -- or if right now wors for you both that might be even better08:05
dimiternwallyworld: you're good for a call now?08:05
dimiternfwereade: what was you wanted to talk about the api btw?08:10
=== TheRealMue is now known as TheMue
fwereadedimitern, I was just a bit confused about the authorization testing for unit access given a machine connection08:11
fwereadedimitern, it seemed like an unrelated machine was happily getting units it shouldn't really have access to?08:11
dimiternfwereade: oh?08:11
fwereadedimitern, and if that's just because it's a straight port of existing functionality that's ok but I wanted to check what the story was there08:12
dimiternfwereade: only the environ manager machine and the machine agent for a specific machine has access to most methods on machines08:12
dimiternfwereade: re units, the auth is based on 3 things: entity itself (u.Tag() == authUser.Tag()); or its deployer (principal unit or machine)08:13
fwereadedimitern, https://codereview.appspot.com/9797046/patch/21001/22008 seems to log in as a machine but to get units not assigned to that machine08:13
fwereadedimitern, possibly I just misread something?08:14
dimiternfwereade: can you point me to a specific test?08:14
fwereadedimitern, TestUnitsGet08:14
dimiternfwereade: so the suite is written so that the authuser is machine 008:15
dimiternfwereade: which (i know this must be wicked, but) is both JobHostUnits and JobManageEnviron08:15
fwereadedimitern, s.machine, err = s.State.AddMachine("series", state.JobHostUnits) ?08:16
dimiternfwereade: and in general reading operations are less restrictive than write08:16
fwereadedimitern, is there something else set up in JujuConnSuite?08:16
dimiternfwereade: ah, that's the first CL - yes in there it's just JobHostUnits08:17
fwereadedimitern, ah, ok, I'm still readin that one I'm afraid08:17
dimiternfwereade: Units.Get does not impose any additional authorization, beyond the requireAgent stuff which happens at srvRoot.Units()08:18
fwereadedimitern, anyway that's a side issue really -- the really important thing is to nail down agreement with wallyworld, I think08:18
dimiternfwereade: agreed08:18
fwereadedimitern, hmm, I think that's probably wrong -- I'd prefer to be as restrictive as possible by default, really08:19
fwereadedimitern, nobody gets any information we can't be sure they need ;p08:19
dimiternfwereade: well, you cannot really do anything even once you get a unit - any other call which is mutating *has* auth08:19
dimiternfwereade: but ok, I can change that to be more restrictive - like the check in Units.SetPassword perhaps?08:20
dimiternfwereade: if !u.root.authOwner(unit) && !u.root.authDeployer(unit)08:20
fwereadedimitern, yeah, that sgtm, I think... I'm just wondering whether it's ok to tell unauthorized clients the difference between a missing entity and one they're just not allowed access to08:21
fwereadedimitern, it might not matter, but there's a definite parallel with common practice logging into, say, a website08:22
dimiternfwereade: as it is right now, they'll get not found before they get unauthorized08:22
dimiternfwereade: cf. tests with foo/4208:22
fwereadedimitern, you don't say "wrong password" and thereby leak the existence of an account with a given email address08:22
fwereadedimitern, you just say "email/password didn't match" (and thereby, ofc, frustrate users who can't remember which email account they signed up with ;p)08:23
dimiternfwereade: i see your point, but what's the action? :)08:24
dimiternfwereade: should we postpone CodeNotFound until we checked the user is actually authorized?08:24
fwereadedimitern, report not-found for anything you try to access but aren't allowed to08:24
fwereadedimitern, the trouble is I'm not certain that this is a good idea08:24
fwereadedimitern, but nor am I certain it isn't08:24
dimiternfwereade: so why is CodeUnauthorized there for at all?08:25
fwereadedimitern, there's definitely a use case for it -- trying to modify an entity in an unacceptable way08:25
dimiternfwereade: remember, if you got as far as to call that method you're at least an authorized agent08:25
fwereadedimitern, eg the deploying machine should be able to get some access to a unit it's responsible for, but it shouldn't be able to set it to Dying08:26
dimiternfwereade: i think i might be a good idea not to lie about things like that and make debugging much harder08:26
fwereadedimitern, yeah, there's always a tension between security and transparency ;)08:26
jamfwereade: I don't think we've actually had a discussion of the privacy model for Juju.08:27
jamI'd like to at least bring up the 'helpful hints when you make a mistake' vs the 'dont leak secrets'08:27
fwereadejam, quite so08:27
jamfwereade: I think it would be reasonable to code Juju more along the lines of "if you have at least authorized with an account, we will give you more helpful errors". Though I guess08:28
jamwe run some untrusted code08:28
jamin the Charm hooks, right?08:28
jamso maybe we should be more defensive.08:28
jamI'm not entirely sure what would leak if you knew that there was a specific service running.08:28
jamfwereade: and then there is multitenancy08:28
fwereadejam, remember that this is the agent context, though -- I would prefer that we be defensive in that context to guard against agent compromise (both by malicious actors, and by our own mistakes)08:28
jamfwereade: well given the existing model of everyone-has-root-everywhere, it is good to get away from them. Finding a decent happy point is good.08:29
fwereadejam, yeah, but not-being-sure-what-would-leak is kinda my problem -- being as restrictive as possible, at least for the private API, seems like a sensible default position08:29
jamfwereade: also, what about readonly mode?08:30
jamis that just again for the public apis?08:30
fwereadejam, readonly mode is a Client thing, not an agent thing, I think08:30
fwereadejam, I don't think there's a use case for an agent that can connect but not actually fulfil its duties08:30
fwereadejam, and I don't *think* there's much confusion about an agent's duties08:31
jamfwereade: at that point Client looks like a really wide API, rather than "some client-level requests about Units".08:31
jamWhich I think is why there is occasional confusion.08:32
jamI think I understand that each Process that talks to the API should generally be talking to one of the top level endpoints?08:32
fwereadejam, hmm -- a user will be talking to Client08:32
fwereadejam, at the moment an agent will potentially want to talk to several of the root objects08:33
fwereadejam, but not to client08:33
jamfwereade: yep, that is 1 process (juju FOO) talking to 1 top level API (Client)08:33
jamBut Machine agents might want to talk to Unit?08:33
fwereadejam, quite so08:33
fwereadejam, I would be happiest if they were to be *very* heavily restricted08:34
fwereadejam, but the set of relevant information, and allowable operations, is a bit messy08:34
jamfwereade: so is it possible to say that Machine can only talk about Units that are on that machine? Is that reasonably structured internally that it can be queried easily?08:34
jamThe only specific logic I've seen so far is "Are you an Agent"08:35
fwereadejam, yeah, should be08:35
jamvs Are you the Agent for Machine X when requesting actions on X08:35
fwereadejam, yeah, "are you an agent" is IMO of limited value08:35
fwereadejam, "are you agent X" is a more suitable model in general, I think08:36
fwereadejam, I'm not 100% sure, but I think that in the vast majority of cases it is simple to tell what entity has responsibility for what operations on what entities08:37
dimiternjam: not quite right08:38
dimiternjam: there are both "are you an agent" (requireAgent) when connecting08:38
dimiternjam: and "are you the machine agent for machine X" authOwner(machine)08:38
fwereadedimitern, jam: it crosses my mind that it *might* be good to partition the APIs by client-task08:43
fwereadedimitern, jam: this would perhaps satisfy wallyworld's concerns08:44
dimiternfwereade: by client-task?08:44
fwereadedimitern, the provisioner service, for example, provides all functionality required by the provisioner task08:44
fwereadedimitern, downside is that there will be some overlap of responsibility08:45
dimiternfwereade: hmm.. that's not a bad idea08:45
dimiternfwereade: but are we deciding to break state api compatibility completely then?08:45
fwereadedimitern, ie a Machiner is allowed to set its machine to Dead; and so is a Provisioner08:45
fwereadedimitern, yeah, it might be hard to do without having some impact on the client code, that is also a valid concern08:46
dimiternfwereade: *some* impact? :)08:46
fwereadedimitern, ;)08:46
fwereadedimitern, I don't like to overstate things, it makes people jumpy ;p08:47
dimiternfwereade: :) yeah, I know what you mean08:47
jamdimitern: If the actual API call takes the same args and has the same net effect, then the client impact is just renaming what method you are calling. Which is an effect, but it isn't massive.08:48
dimiternfwereade: then maybe we should decide should we throw away what's already there in the workers and rewrite them one by one to use the api, while keeping the others using state08:48
dimiternfwereade: if we do that, everything goes for the client-side agents api08:49
fwereadedimitern, that's what we're doing already, really, it's just we've been trying to minimize the difference between the two versions08:50
fwereadedimitern, and we still should -- but we shouldn't take the original form to be sacrosanct08:50
fwereadedimitern, the difference between having a global api.Machine and a provisioner.Machine, for example, is actually quite minimal08:51
fwereadedimitern, (vs machiner.Machine)08:51
dimiternfwereade: true08:52
dimiternfwereade: i'm beginning to like it more and more08:52
fwereadedimitern, and it has benefits in that we make it much harder to screw up auth on methods that are relevant for two very different clients in very different contexts08:53
dimiternfwereade: there'll be some duplication (machiner.Machine and provisioner.Machine will basically be the same, but this can be fixed by helpers)08:53
fwereadedimitern, however, I'm not necessarily sure that task-graining is quite right -- job-graining *might* be better08:53
fwereadedimitern, thoughts?08:53
dimiternfwereade: it actually simplifies the authorization a lot - we can do it on the top-level - "are you a provisioner?" ok - get the api.Provisioner end point, and no more checks inside the calls themselves08:54
fwereadedimitern, yeah08:54
fwereadedimitern, I'm considering the distinction between the Provisioning endpoint and the EnvironManagement endpoint08:55
dimiternfwereade: i can see more benefits as well - it isolates us nicely from the exact state api08:55
fwereadedimitern, yeah08:55
dimiternfwereade: so job vs. agent?08:55
fwereadedimitern, yeah: I can't tell which is right though :)08:56
dimiternfwereade: the jobs (tasks/workers) are the ones actually doing stuff, while the agent has little to do with state anyway08:56
fwereadedimitern, a job is a group of tasks/workers08:56
dimiternfwereade: (it shouldn't deal with state at all I think, or if it should, it can use the worker api instead perhaps?)08:56
dimiternfwereade: yeah, correct08:57
fwereadedimitern, I'm concerned right now with whether job granularity is better, or task granularity08:57
dimiternfwereade: if we choose tasks, authz gets easier (at end point only)08:58
fwereadedimitern, maybe auth should be grouped by job, but actual service endpoints should be split by task?08:58
dimiternfwereade: if we choose jobs, there has to be more authz inside methods as well08:58
fwereadedimitern, it does act to fossilize the jobs08:58
fwereadedimitern, but maybe that's a worthwhile proce, because the original idea of making them flexible will be kinda hard to carry off regardless08:59
fwereadedimitern, and maybe it's not even any worse than it will be *whatever* we do08:59
fwereadedimitern, this plausibly lets us split the whole damn api up into sensible packages though09:00
fwereadedimitern, and that idea makes me very happy09:00
fwereadedimitern, state is a monster09:00
=== davecheney is now known as Jibbers_McGee
fwereadedimitern, and it'll be hard to ever unmonster that, because it's responsible for cross-entity consistency, sanity, etc09:01
dimiternfwereade: bbiab, sorry - 1-109:01
fwereadedimitern, no worries, ttyl09:01
fwereadedimitern, (fwiw, I think the job/task granularity question can be decided a little way down the line: pick one by gut, keep an eye on it, fix it before we release if it seems to be crazy in short-term hindsight)09:05
fwereadedimitern, (by-job is probably easier, fwiw)09:06
fwereadedimitern, (no response necessary while you're busy ;p)09:06
=== Jibbers_McGee is now known as davecheney
dimiternfwereade_: back\09:31
dimiternfwereade_: fwiw, task-based interface seems better to me09:33
TheMuedimitern: rogers new task runner isn't yet merged, isn#t it?09:36
dimiternTheMue: it is, but it's not used yet09:36
TheMuedimitern: hmm, seems i'm looking at the wrong places :)09:36
dimiternTheMue: worker/runner.go09:37
TheMuedimitern: thx09:37
=== alexlist` is now known as alexlist
fwereade_dimitern, let's go with per-task then09:39
fwereade_dimitern, definitely makes it easier to shift tasks between jobs, which I expect we'llneed at some point09:39
dimiternfwereade_: cool, I can throw together a proposal of the interface09:39
fwereade_dimitern, great09:39
dimiternfwereade_: should I start with the provisioner?09:40
fwereade_dimitern, best not, frank is up to the elbows in that at the moment09:41
fwereade_dimitern, let's go with machiner to start with09:41
dimiternfwereade_: ok09:41
fwereade_dimitern, which I *think* is an absolutely minimal set of data and methods09:41
TheMuefwereade_, dimitern: +109:41
fwereade_dimitern, no need to include pinger09:41
TheMue;)09:41
dimiternfwereade_: sure09:42
fwereade_dimitern, I'm not sure how we address wallyworld's concerns re statefulness and connectionlessness09:44
fwereade_dimitern, the latter is a necessity given routing issues, and the former is a consequence thereof AFAICT09:45
fwereade_dimitern, I agree that we're more stateful than we need or want to be long-term, but I don't think it should be addressed today09:45
fwereade_dimitern, does that roughly align with your understanding?09:45
dimiternfwereade_: exactly09:46
fwereade_dimitern, cool09:46
fwereade_TheMue, btw, I noted a comment of yours in the loggo CL: "TODO for whom?"09:48
fwereade_TheMue, AIUI the badging by name is not "who should do this", it's "who should I talk to about this when I hit it"09:48
fwereade_TheMue, if person X is refactoring package Y and sees TODO(Z), and doesn't immediately understand all relevant context, X should talk to Z and take the resulting discussion into account when changing Y09:50
fwereade_s/refactoring/working in/09:51
TheMuefwereade_: ok09:51
TheMuefwereade_: i only know lonely todos as those which never will be done09:52
fwereade_TheMue, so I'm not convinced that TODOs *always* require a badge -- it's just a pointer that is expected to persist better than `bzr annotate`09:53
fwereade_TheMue, I hadn't seen a badged TODO as a commitment to actually DO :)09:53
TheMuefwereade_: it's just short than // HASTOBEDONEONCEWHENANYBODYHASTIME ;)09:54
fwereade_TheMue, yeah :)09:55
TheMuefwereade_: I take them typically as hints for me that I have to do further work here in a second or third step09:55
fwereade_TheMue, sure, it's *great* when someone adds a badged TODO and fixes it 3 days later09:56
TheMuefwereade_: *rofl*09:56
fwereade_TheMue, but I still feel the badge serves the purpose I suggested: to warn others to chat to X before diving in (and thereby discover, hey, it's being done :))09:57
TheMuefwereade_: btw, just a question. it seems to me my "anybody" has been wrong and "somebody" would be the correct term. am i right?09:57
fwereade_TheMue, either reads ok in that context, I think, but maybe "somebody" wins on a technicality09:58
TheMuefwereade_: fine, thanks, still learning09:58
dimiternfwereade_: there it is -> https://docs.google.com/a/canonical.com/document/d/1Yd2Nil43AemnBq8qv003OkWLptiPzuhWGESBcwlI7Nc/edit?usp=sharing10:16
dimiternwallyworld, jam: ^^10:19
fwereade_dimitern, cheers10:19
fwereade_dimitern, hmm, all of those things STM to be better expressed client-side as methods on a *Machine, as before10:25
dimiternfwereade_: i was trying to avoid this10:26
dimiternfwereade_: and make wallyworld happy as a side-effect :)10:26
fwereade_dimitern, yeah, we should talk to wallyworld about what his objections to the agreed (I thought) client-side API are10:27
fwereade_dimitern, the client  side should be fixed if it's stupid, sure10:27
fwereade_dimitern, but we don't have to write the client-side code as a perfect clone of the API we use to implement it10:28
dimiternfwereade_: not sure i understand the last statement..10:29
fwereade_dimitern, Machine.SetStatus(foo, bar) can call MachinerService.SetStatus([]MachineStatus{{id, foo, bar}}), and then we get both a helpful long-term API, and a helpful form of code on the client side10:30
dimiternfwereade_: there's not MachinerService - at server-side we still use Machines.SetStatus, etc.10:32
* TheMue is at lunch, bbiab10:32
dimiternfwereade_: the Machiner facade is client-side only10:32
dimiternfwereade_: at least that's what I understood10:33
fwereade_dimitern, hmm, it seemed to me that we'd get the best of it from doing it server-side -- doing it client-side kinda misses the SOA point I think?10:33
fwereade_dimitern, that's where we need the auth etc after all10:34
dimiternfwereade_: hmm.. good point10:34
fwereade_dimitern, MachinerService (or whatever) thus maps approximately to the *State we pass into workers today10:34
dimiternfwereade_: so then the client-side API is just a 1-1 mapping to the server-side10:34
dimiternfwereade_: how about bulk operations then?10:35
fwereade_dimitern, well, the client-side API can look much as it currently does, but expressed in task-specific terms over the wire10:35
fwereade_dimitern, I *think* we still want bulk ops, on the basis that they're forward-sensible even if we never use them, and boxing/unboxing is little hassle10:36
dimiternfwereade_: that's exactly what wallyworld was agains aiui10:36
fwereade_dimitern, he was against bulk ops?10:36
fwereade_dimitern, ah sorry, against keeping the existing client-side API?10:36
dimiternfwereade_: no, against client-side objects even when they are proxying to server-side services10:36
dimiternfwereade_: yeah10:36
dimiternfwereade_: how about a hybrid approach?10:37
fwereade_dimitern, changing that is IMO busywork with no benefit, and it obscures the actual logic of the machiner10:37
fwereade_dimitern, a machiner's about messing around with a single machine10:38
dimiternfwereade_: still have Machines at server-side, with bulk ops, as now, but in addition have the Machiner facade as well10:38
dimiternfwereade_: which will use the machines service but for a single machine10:39
fwereade_dimitern, IMO the per-task facades make sense server-side, and let us drop the Machines, Units, etc service-alikes he';s not keen on10:39
fwereade_dimitern, the issue with "Machines" is that it's a weird division and not very servicey10:39
dimiternfwereade_: not really - the "service" deals with machines10:39
dimiternfwereade_: that's like openstack api for servers10:40
fwereade_dimitern, yeah, but lots of things deal with machines -- splitting by entity kind seems weaker than splitting by groups of business-logic ops that fit well together10:40
dimiternfwereade_: ok, if we do that, then i cannot see where the bulk ops come into play10:41
dimiternfwereade_: if the api is task-oriented (which is still SOA imho), then we don't really need bulk ops at all10:41
dimiternfwereade_: we'll need them only for client-facing apis like for the gui/cli10:42
fwereade_dimitern, consider the provisioner -- where long-term we'll want Lifes, InstanceIds, etc10:42
fwereade_dimitern, the machiner doesn't need them now and perhaps never will10:43
fwereade_dimitern, but habitually expressing things as bulk ops means we never need to make that decision, and hence never run the risk of getting it wrong10:43
dimiternfwereade_: fair enough, then we'll introduce bulk ops on methods of the task facades, as needed10:43
fwereade_dimitern, I agre that in the narrow machiner context we probably never will10:43
dimiternfwereade_: but not *everywhere by default*10:43
fwereade_dimitern, I'm advocating everywhere by default, because the cost of doing so is low and it inculcates good habits10:44
dimiternfwereade_: the cost is not low at all in the case of the machiner10:44
fwereade_dimitern, expand please10:44
dimiternfwereade_: if the facade operates on a single machine, why do we need to pretend is works on multiple machines?10:45
fwereade_dimitern, because, say, getting machine life *is* an op we will need in bulk10:45
dimiternfwereade_: on the other hand, for the provisioner - most ops will be bulk, but still they're on the facade as methods10:45
fwereade_dimitern, the machiner only wants one at a time, but the provisioners will want N10:45
dimiternfwereade_: if we're talking about eventually changing the underlying state API to default to bulk ops, i agree10:46
fwereade_dimitern, we can then make the auth the responsibility for the facades, and implement the machine-life-getting separately, as called by both10:46
dimiternfwereade_: but for the case of the machiner single ops suffice10:46
dimiternfwereade_: so you're talking about a hybrid approach after all - having both Machines (w/ bulk ops by default), and facades, using Machines as well - in case of machiner single ops, with the provisioner - bulk ops?10:47
fwereade_dimitern, no... Machines should never be exposed10:48
dimiternfwereade_: i'm not saying it should be10:48
fwereade_dimitern, but an apiserver-internal Machines might actually fit very nicely10:48
dimiternfwereade_: it can be an internal "service"10:48
dimiternfwereade_: exactly10:48
fwereade_dimitern, and having the various services expressed with a consistent vocabulary is IMO an end in itself10:48
dimiternfwereade_: ok, it gets clearer now10:49
dimiternfwereade_: apiserver.machines, units, etc. are there10:49
dimiternfwereade_: and the exposed facades apiserver.Machiner, etc. use them internally10:50
dimiternfwereade_: this simplifies the srvmachines implementation, because it doesn't have to care about authz at all10:50
dimiternfwereade_: it'll be done on the facades only10:50
dimiternfwereade_: does it make sense?10:51
fwereade_dimitern, yes, with the caveat that the thing I want to prescribe is that the data on the wire be expressed as (1) bulk ops on (2) business-logic-level services; the internal services are a possible implementation detail that seems ATM like a good idea, but which doesn't lock us into anything going forward10:51
fwereade_dimitern, yeah10:51
fwereade_dimitern, the rason I'm quibbling about the internal machines is that we'll actually want that stuff to migrate into the *state* package long-term, I think10:52
dimiternfwereade_: see, now I'm not following you10:52
fwereade_dimitern, so we can do bulk *db* ops to get, say, life for 10k machines in one go10:52
dimiternfwereade_: bulk ops *on-the-wire* applies only to the exposed facades' methods10:52
fwereade_dimitern, without having to suck up 10k lists of assigned units as well10:53
fwereade_dimitern, yeah, that is my primary focus10:53
dimiternfwereade_: ok, then we're on the same page10:53
fwereade_dimitern, but it supports, in the long term, smarter and more efficient usage of the underlying db10:53
fwereade_dimitern, and so while a Machines service is probably a good idea today, it's not a prerequisite for what I'm after10:54
dimiternfwereade_: agreed - once we're free to develop the state api w/o having to worry about breaking the agents, we can improve the actual calls to be bulk10:54
fwereade_dimitern, and as soon as we've isolated state from everything except the API server, we start to be able to slice and dice the interface of the *state* package such that things like the Machines service become redundant10:55
fwereade_dimitern, exactly10:55
dimiternfwereade_: i'll change the proposal to reflect what we just discussed then10:55
fwereade_dimitern, <310:55
fwereade_dimitern, is your standup about to start?10:57
dimiternfwereade_: in 30m10:57
fwereade_dimitern, ok, cheers -- if I'm afk when wallyworld's ready for a chat, text me please, I'd like to make sure we're all on the same page asap rather than waste your time again :)10:59
dimiternfwereade_: sure, np :)11:00
wallyworldfwereade_: dimitern: hi, i just got back from soccer, did you guys want a chat?11:02
dimiternwallyworld: now or after standup? jam said he won't be around until standup time11:04
wallyworldnow is fine11:04
dimiternfwereade_: you as well can chat now?11:05
dimiternwallyworld: just a sec, texting fwereade_11:08
fwereade_wallyworld, dimitern, sgtm11:08
dimiternfwereade_, wallyworld: ok https://plus.google.com/hangouts/_/7964c6d4ac01386655b7ddf69dbc9cd43365a91a?authuser=0&hl=en11:08
danilosjam, dimitern, hi, are we having a stand-up?11:35
jamyep!11:38
fwereade_wallyworld, look at it like this: by delivering an API, we create real value right now wrt things the business needs *soon*; by refactoring all the client code on top of that, we just increase risk. Maintaining the domain-object style of the pre-existing client code is cheap and easy, and does *not* make it any harder to fix later; but trying to fix the programming model right now across the board *does* impact our ability to deliver real value11:40
* fwereade_ lunch11:40
dimiternfwereade_: ping me when you're back please12:02
fwereade_dimitern, ping12:03
dimiternfwereade_: i'll start a hangout12:04
dimiternfwereade_, wallyworld, jam: https://plus.google.com/hangouts/_/609bce415113fdec03001e8ade27f75c41945d7e?authuser=0&hl=en12:04
=== wedgwood_away is now known as wedgwood
=== wedgwood is now known as Guest21017
=== wedgwood_ is now known as wedgwood
=== tasdomas is now known as tasdomas_afk
fwereade_someone else please review https://codereview.appspot.com/9641044/ for frankban15:19
fwereade_ttfn guys, I'll be around again later tonight15:26
FunnyLookinHatAnyone here know why I'd be getting a 411 Length Required error when trying to bootstrap?  Is the client request class not sending proper headers for some reason?15:37
FunnyLookinHatI can't determine if the headers are being attached or not because I haven't found a way to dump the requests being sent :-(15:37
=== hatch_ is now known as hatch
arosalesran into this juju core bug this weekend17:11
arosaleshttps://bugs.launchpad.net/juju-core/+bug/118706217:11
arosalesis anyone else running into this on HP's cloud?17:11
fwereade_arosales, `juju image-metadata -i 81078` will generate a pair of files somewhere inside $JUJU_HOME that you need to upload to your public-bucket17:33
fwereade_arosales, I thought wallyworld sent a mail about it, but I could be wrong17:34
arosalesfwereade_, to juju list or juju-dev17:34
fwereade_arosales, I can't seem to find it so that may just have been a fever dream17:34
arosalesI very well could have missed it too17:34
* arosales running behind on list email17:35
fwereade_arosales, I'm pretty sure that if you run that command, though, it tells you what to do next17:35
fwereade_arosales, sorry drive-by, I'm not really at work any more17:35
arosalesfwereade_, do I get 'juju image-metadata" with the ppa juju-core?17:35
arosalesor do I need to do that from source?17:35
fwereade_arosales, hmm, I will be upset if we released simplestreams-only without including the workaround17:36
fwereade_arosales, run that command and rage at me if it doesn't help you :)17:36
arosalesfwereade_, will do17:37
arosalesI had to remove juju core17:37
arosalesand had to fall back to juju for my demo this weekend17:37
fwereade_arosales, dammit, sorry about that :(18:10
fwereade_arosales, I'm often around at antisocial hours but was ill last w/e18:10
fwereade_arosales, was that the problem?18:10
arosalesfwereade_, no worries18:10
arosaleshad a demo at texas linux fest I had to fall back to .7 for18:11
jcastroarosales: did the demo go well overall?18:26
arosalesjcastro, ya .7 went well18:27
arosaleshad good interest and questions.18:28
arosalesfwereade_, do you know what the valid inputs are for series?19:14
arosaleshttp://pastebin.ubuntu.com/5730353/ ?19:14
fwereade_arosales, you don't want the "="s in there20:51
fwereade_arosales, `juju image-metadata -s precise ...`20:52
wallyworldfwereade_: arosales: just saw the backscroll - i did send emails and it's in the release notes how to use image-metadata to generate local simplestreams data20:52
fwereade_wallyworld, yeah, I *thought* you had, I must just be stupider than I look20:53
wallyworldi tested with canonistack20:53
wallyworldyou do not look *that* stupid :-)20:54
arosalesstill getting http://pastebin.ubuntu.com/5730651/20:54
arosalesfwereade_, thanks or the response btw, I know it is late for you.20:54
fwereade_arosales, no worries :)20:55
wallyworldarosales: did you copy those files to your public bucket?20:55
fwereade_arosales, I don't think you want any of those "="s at all, fwiw20:55
arosaleswallyworld, no  I didn't.20:56
arosalesI suspect I should find the release notes and follow the instructions . . .20:56
wallyworldarosales: it's in the instructions - perhaps i need to make it clearer20:56
arosalesfwereade_, noted on the "="20:56
wallyworldit's also on the command line after you run the command20:56
wallyworldarosales: i haven't come across a meeting invite - you said you scheduled one for tomorrow? i only just woke up so may be not have found it in my inbox20:59
thumpermorning21:00
thumperhi wallyworld21:01
thumperwallyworld: early for you21:01
wallyworldthumper: hi, how's the dog21:01
thumperbouncy21:01
wallyworldyeah21:01
wallyworldi bet21:01
wallyworldthe girls like him?21:01
thumperoh yes21:02
thumperand her21:02
thumperpepper is a girl21:02
thumperI think I'll call her pepper pots21:02
wallyworldah, i forgot21:02
wallyworlddogs are great. we love ours21:02
thumpershe has settled down now21:02
wallyworldyeah, takes a day or two21:03
thumperI've moved into the lounge so I can close it off and watch her21:03
thumperwell everyone else has left21:03
thumperkids at school21:03
thumperand rachel at work21:03
wallyworldi gotta go do school drop off now. back after breakfast etc21:03
arosaleswallyworld, ah I forgot to add you to the invite21:04
arosaleswallyworld, sorry21:04
arosaleswhich makes the scheduling tuff21:05
arosaleswallyworld, fwereade_ regarding simple streams. As this is a fundamental change to the way users expect Juju to work do you plan on making this backwards compatible or optional?21:06
arosalesie the use of simple streams?21:06
fwereade_arosales, simplestreams is intended to be the One True Way going forward; but we hope that for most public clouds we wil be publishing everything needed via cloud-images.ubuntu.com21:07
arosaleswallyworld, perhaps I can follow up with you and dave later in the evening regarding simple streams21:09
arosalesfwereade_, gotcha.  Now we just need to be sure we are publishing everything to cloud-image.ubuntu.com21:09
fwereade_arosales, yeah; there has an issue with us publishing unsigned simplestreams data to the HP bucket, misrepresenting the images as being Official Ubuntu Images -- I think there's a thread you're in somewhere..?21:11
* fwereade_ looks at his mail again21:11
arosalesya, I think I saw ben howard raise that concern21:12
fwereade_arosales, I've just accepted the invite for tomorrow, thanks21:12
arosalesfwereade_, thanks. I"ll follow up with wallyworld and dave later in the US day to get their input/feedback too.21:13
wallyworldarosales: sorry, was doing school drop off21:51
arosaleswallyworld, no worries22:08
* thumper takes the dog for a walk...22:11
wallyworldarosales: ping me today if you have any immediate questions, or otherwise we can ensure everyone is on the same page tomorrow at the meeting22:42
arosaleswallyworld, will do.  I am seeing a few interesting stack traces in go-juju22:48
arosalesbut perhaps that is just my environment.22:48
arosalesif it is repeatable I will open up a bug for triage22:48
wallyworldyeah, we would love to get all these things fixed22:49
wallyworldwe're not seeing them as devs but end users have all sorts of different set ups22:49
wallyworldand we know that if there are issues (with env or whatever), we need to, in places, improve the error reporting etc22:50
wallyworldthumper: back from the walk?23:09
thumperwallyworld: yeah, have been for ages23:09
thumperthe dog doesn't take long walks23:09
thumperyet23:09
thumperand it is cold outside23:09
thumperI had to coax her out23:09
wallyworldi bet23:09
wallyworldquick chat?23:09
thumpersure23:09
wallyworldhttps://plus.google.com/hangouts/_/d3f48db1cccf0d24b0573a02f3a46f709af109a623:10
mrammthumper: you around?23:12
thumpermramm: yep, chatting with wallyworld now23:12
mrammthumper: cool!23:12
mrammthumper: got time to chat for a few in like 15 min?23:13
thumpermramm: wallyworld said to talk to you first23:13
mrammhahaha23:13
mrammok23:13
thumperhe said it like "mramm is in a worse timezone and needs sleep, so talk to him first"23:13
mrammhahaha23:13
mrammI guess I was at a meeting with him 12 hours ago23:14
thumpermramm: are you starting a hangout/23:14
thumper?23:14
mrammyep23:14
mrammone sec23:14
thumperwallyworld: I'm off with mramm now23:38
wallyworldok23:38
wallyworldsame url as before23:38

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!