wallyworldarosales: found what's happening - it works if you use the --upload-tools option. not using that option causes a code path to be run which resets the current client credentials. this didn't matter previously but does now00:13
wallyworldarosales: ping me when you are back online and we can discuss a resolution00:15
arosaleswallyworld, and --upload-tools requires building from source?00:15
arosaleswallyworld, no go for OSCON00:15
wallyworldi can work on a fix00:15
wallyworldbut i guess that means cutting a new release00:16
arosaleswallyworld, we can't have charm school attendees building from source :-/ Kind of takes away from the juju simplicity00:16
arosalesand a bug fix is in the same realm too :-/00:16
* arosales not sure how difficult it would be to do a release with just your bug fix . . .00:17
wallyworldi guess a bug fix is more palatable though00:17
wallyworldthat should be possible00:18
arosaleswallyworld, but I guess you need to find the issue on the cred reset too00:19
wallyworldarosales: i found what's causing it - not uploading tools triggers a code path that resets the creds. it didn't matter before but does now. i just need to figure out a fix00:20
arosaleswallyworld, ok. I'll leave you to that and we can sync with dave when he comes online with possible solutions00:21
wallyworldarosales: sounds good. i have a simple fix i can do, just need to think if it's the best way00:21
arosalesfwiw I filed bug https://bugs.launchpad.net/juju-core/+bug/120390800:23
_mup_Bug #1203908: 1.11.3 does not bootstrap on HP Cloud <juju-core:New> <https://launchpad.net/bugs/1203908>00:23
arosaleswallyworld, I am going to step away from the keyboard for a few, but I'll check back online later00:32
axwhello... who's awake?01:16
axwdavecheney: morning01:17
davecheneyaxw: hey01:17
thumperhi axw01:17
axwthumper: hiya01:17
davecheneyso, dependencies really grind my gears01:17
thumperaxw: do you know duflu from elsewhere?01:17
davecheneyi'm tired of seeing jtv have to ask for the bot to be updated01:18
axwthumper: heh :) yes, we worked together at Micromuse and IBM01:18
davecheneyi'm going to propose a script that does the checkout for it01:18
davecheneyso the bot checks out the code01:18
davecheneyruns the script which gets the deps01:18
davecheneyjob done01:18
thumperheh... if I hadn't just gone to the gym I'd be worried... I got the shakes in my hands01:18
thumperamusing to watch01:18
thumperfirst workout in two weeks due to illness01:19
thumperfelt good01:19
davecheneythumper: man flu, or real flu01:19
thumperwasn't flu01:19
thumperjust a persistent cough and fever01:20
thumperkid flu passed on01:20
thumpercan't work out coughing your guts out01:20
thumperhowever managed the entire workout without one single cough01:20
thumperso I feel over it now01:20
axwSo, I want to fix a bug I found yesterday in juju-core. Can someone give me a brief walkthrough of creating bugfix/feature branches on LP?01:21
thumperaxw: happy to01:21
thumperbut I need to grab a smoothie first01:21
thumperaxw: gimmie 5 minutes?01:21
thumperaxw: then we can do a google hangout?01:21
thumperaxw: are you set up for hangouts?01:21
axwthumper: sounds good01:21
davecheneycan I get in on this one ?01:22
axwthumper: should I have G+ on my Canonical account?01:22
davecheneyor at least listen in01:22
davecheneyi dunno if this laptop has a mike01:22
thumperaxw: yep01:22
thumperdavecheney: yes happy to have you listen in01:22
axwI'll get it set up while you get your drink01:22
davecheneyit may not work01:22
thumperaxw: also make sure you have your ssh key up on LP to start01:22
davecheneythis coworking space has the smallest internet known to man01:22
thumperor wait if you need a walk through on that01:22
axwyeah that's all done01:22
thumperback in 501:22
wallyworlddavecheney: ping01:23
davecheneywallyworld: hey01:23
davecheneysaw your mail01:23
davecheneythanks for replying01:23
wallyworldthe release - we need to cut a
wallyworldbut we need to create a branch and series01:23
wallyworldso i can backport01:23
davecheney_if_ we do a 1.11.3 we _really_ should do it from the 1.11.3 tag01:23
davecheneywallyworld: or we could just tag what we have now as 1.11.401:23
wallyworldhence why we need to do a series and branch01:23
davecheneyi think that is simpler01:23
davecheneywallyworld: unless you want 1.11.3 to be 1.1201:24
davecheneyaxw: sorry about these arse backwards version numbers01:24
wallyworlddavecheney: well, 1.11.3 is broken right now01:24
davecheneyfor openstack yes01:24
davecheneybut 1.11.2 was broken in other ways01:24
davecheneyi don't think that is cause to deviate from what we've done in the past01:25
davecheneyi'd be happier to tag trunk 1.11.401:25
davecheneystart 1.11.501:25
davecheneyand then 1.11.4 can become the new stable branch01:25
wallyworlddavecheney: there are guys at OSCON who need a package version to work01:25
davecheneythat is why I want to do it as I said above01:25
davecheneyi know that will be the fastest way to get it going01:25
wallyworldok. i'll propose a branch01:26
wallyworldwith the fix01:26
davecheneywallyworld: are your keys also known to the bot ?01:26
davecheneyi might have to ask you to do the tag for me01:26
wallyworldhope so01:26
wallyworldi'd also want to longer term sort out if we need to change SetConfig() not to be dumb01:26
wallyworldi've never tried01:27
davecheneywallyworld: i can send you the words01:27
davecheneyyou just have to type them01:27
wallyworlddavecheney: sure. i mean that i'm not sure if my keys work01:27
wallyworldbut i'm more than happy to try01:27
* davecheney throws a chair01:28
davecheneyfuck this bot01:28
davecheneywhat fucking good is it if we have to wait for jam to do our commits for us ?!?!01:29
wallyworlddavecheney: i'll also commit another bug fix that is waiting to land (will help the guys using quantum)01:29
axwwallyworld: are you fixing the openstack bootstrap bug?01:29
wallyworldaxw: yes indeed01:29
axwsorry I'd have proposed a fix yesterday, but I wasn't sure how yet :)01:30
wallyworldaxw: hey, no problem :-) i didn't know it was broken till i found out on irc today01:30
thumperdavecheney, axw: https://plus.google.com/hangouts/_/ee0597b40c9b901559b872299a2b1678184b8e6a?hl=en01:32
davecheneyhere goes nothing01:35
wallyworldarosales: you back?01:37
wallyworlddavecheney: thumper: when you are free https://codereview.appspot.com/1170304301:47
davecheneywallyworld: will you punch me if I ask for a test ?01:50
wallyworlddavecheney: yes. the live tests would have failed01:50
davecheney+1 then01:50
davecheneycommit that shit01:50
wallyworldthanks :-)01:50
wallyworldthumper: you able to +1 that mp so i can get it landed for the 11.4 release?02:24
thumperdavecheney: wanna +1 my mega state.Tools removal branch02:24
thumperwallyworld: sure, link me up02:24
axwdavecheney: should I have an account for leankit?02:25
davecheneyaxw: yes, i don't know how to create one02:26
davecheneyaxw: write to mramm and ask for one02:26
davecheneysorry it's been a while02:27
davecheneyi can't remember how I came by mine02:27
hazmatedge phones going fast02:34
davecheney12 hours til the price goes up02:35
wallyworldthumper: do you want me to beg?02:39
bigjoolswallyworld: you should be used to begging after years of marriage02:41
wallyworldyes indeed02:41
wallyworldbigjools: like you can talk anyway02:41
bigjoolswe're all whipped my friend02:41
wallyworlddavecheney: waiting on a 2nd +1 - maybe i should just land it so the release can progress02:47
thumperwallyworld: sorry, no begging needed, but house guest arrived02:51
wallyworldbut i can if you want02:52
wallyworldi'm quite good at it02:52
thumperwallyworld: ok, beg02:52
* thumper waits02:52
* wallyworld is down on his knees02:53
davecheneywallyworld: just land that shit02:53
wallyworldthank you02:53
davecheneyif anyone complains, they can blame me02:54
thumperdavecheney: I +1ed it02:56
thumperdavecheney: next time go "LGTM - trivial"02:56
thumperalthough jam has suggested going with just one review to land02:56
thumperwhich would unblock people02:57
thumperdavecheney: like this trivial one: https://codereview.appspot.com/11561044/02:57
davecheneythumper: trivial my arse02:58
davecheneyit's larger than the fucking codebase02:58
arosaleswallyworld, back03:05
davecheneywallyworld: $ bzr tag -d bzr+ssh://go-bot@bazaar.launchpad.net/~goose-bot/goose/trunk03:06
davecheney-r1494 juju-1.11.303:06
davecheney^ magic to tag 1.11.403:06
davecheneyobviously with a different tag name and revno03:06
wallyworldarosales: a new release is being built. i couldn't fully test bootstrapping because i don't have permission to access the compute nodes. but the original problem is solved03:06
wallyworlddavecheney: will do. bot is building now03:07
davecheneywallyworld: thanks mate03:08
arosaleswallyworld, that's good news. Thanks for working on it. I saw you had to beg too. I appreciate that type of commitment ;-)03:12
_mup_Bug #1203935: Some EC2 instance prices specified in octal <juju-core:New> <https://launchpad.net/bugs/1203935>03:13
arosaleswallyworld, sorry I didn't fully parse, "I don't have permission to access compute nodes."03:13
wallyworldarosales: np. hopefully it's not too much inconvenience for the OSCON guys03:13
wallyworldarosales: when i bootstrapped, it said there image id didn't exist. from the web console, i click on the compute links and it says i have no permission03:14
arosaleswallyworld, hmm you're a compute admin, let me make you an image admin too03:15
arosaleswallyworld, made you an image mange admin too.03:16
davecheneyaxw: do you want to https://bugs.launchpad.net/bugs/120393503:16
_mup_Bug #1203935: Some EC2 instance prices specified in octal <juju-core:New> <https://launchpad.net/bugs/1203935>03:16
davecheneytake a look at this bug03:16
wallyworldarosales: thanks, i'll try again in a bit. but i'm sure it will be ok now03:16
davecheneymight be an easy one to work out the kinks on03:16
axwdavecheney: sure03:16
arosalesbigjools, will azure be in 11.4?03:18
davecheneyoh son of a bitch03:18
arosales1.11.4 that is03:18
davecheneyi'll have to commit it out03:18
davecheneycomment it out again03:18
arosalesdavecheney, bigjools was saying it was working03:18
bigjoolswhy don't you make release branches?  this is stupid03:18
bigjoolsarosales: no I didn't!03:18
arosalesbigjools, :-)03:18
davecheneybigjools: i don't have a good reason for why we don't have this03:19
arosalesbigjools, ah reading your email now I see you had to manually deploy03:19
bigjoolsrelease branches or config flags would help here03:19
arosalesbigjools, I thought if I said it enough it would come true03:19
bigjoolsarosales: it will, soon :)03:20
arosalesbigjools, it's good progress03:20
arosalesdavecheney, bigjools, hello btw03:21
arosalesso this is where all the fun happens :-)03:21
arosalesI should join this channel more often when I am up late03:21
davecheneyarosales: c'mon man, i joined your eco channel, even when #juju-dev is where it is at03:22
wallyworldarosales: works :-)03:22
wallyworldjust bootstrapped on hp cloud03:22
arosalesdavecheney, well said03:22
arosaleswallyworld, good to hear03:23
bigjoolsdavecheney: anyway not sure you need to remove azure again03:23
bigjoolsit works w/o go-curl now03:23
davecheneybigjools: ok03:23
davecheneythe build recipe always pulls the latest deps03:24
bigjoolsexcellent apart from the huge fork of 1.0.1 Go code in gwacl03:24
wallyworlddavecheney: that tag command above - it says goose but surely you meant juju-core? or i guess we need to tag all the dependencies too?03:25
davecheneywallyworld: i just copied that from what gz sent me03:25
davecheneyif that isn't what he ran03:25
davecheneythen he's a liar03:25
davecheneywallyworld: are you able to put my key on the bot so I can do this myself ?03:26
wallyworldi don't think so. i'll check03:26
wallyworlddoesn't appear so03:28
wallyworldi'll tag both goose and juju-core03:29
wallyworlddavecheney: tags done for goose rev 99 and juju-core rev 1514. and yes, that command was slightly incorrect03:31
davecheneywallyworld: thanks mate03:32
wallyworldnp. hopefully it will build all ok03:32
davecheneywhat could possibly go wrong03:37
davecheneywallyworld: while i'm screwing with this03:37
davecheneycan you please make sure those two bugs are assigned to 1.11.4 and stuff03:37
wallyworldah yes, will do03:37
davecheneyta muchly03:37
davecheneybollocks, have to do release notes as well03:38
arosalesdavecheney, just +2 bug fixes from 1.11.3 correct?03:39
davecheneyarosales: yup03:40
arosalesfwiw I appreciate the emergency 1.11.4 build03:44
davecheneyno worries03:45
wallyworlddavecheney: arosales: there was a bug fixed for 1.11.3 not tagged as such, so i added it to 1.11.4 so folks had visibility to it. bug 119522303:45
_mup_Bug #1195223: juju all-machines.log is repetitive and grows unbounded <juju-core:Fix Committed by wallyworld> <https://launchpad.net/bugs/1195223>03:45
davecheneywallyworld: did I miss that one ?03:46
davecheneywas it linked from the leankit card ?03:46
davecheneythis is the way i do the release notes03:46
arosalesbtw, who let 1.11.3 go out the door without it bootstrapping on hp cloud ;-)03:46
wallyworlddavecheney: no, it was my fault. i didn't assign it to any milestone03:46
wallyworldarosales: those of us without hp cloud creds :-)03:47
davecheney1. read cards in leankit, if they are bugs and have an lp link I tried to reframe the bug in the release notes03:47
davecheneyif they sort of look like internal stuff, like the containers work, i omit them from the release notes03:47
wallyworlddavecheney: i suspect there was a card on leankit but the bug number may not have been there. not sure now03:47
davecheneyno worries03:47
davecheneynoone died03:47
arosaleswallyworld, ah so now that you have hp creds that issue should be solved03:47
wallyworlddavecheney: we devs need to take more responsibility for managing our bugs03:47
wallyworldarosales: indeed03:47
wallyworlddavecheney: in launchpad land, our qa process was much stricter and all branches had to have bugs attached etc and so work couldn't slip through unnoticed03:48
axwwhat level of access to my account does lbox/lpad need?03:49
davecheneywallyworld: i'm not sure how to answer that03:49
davecheneyshould we aspire to being more like lp, or less ?03:49
davecheneyaxw: ahh, there is a trick03:49
davecheneyread the CONTRIBUTING03:49
wallyworlddavecheney: in respect to some process type things, more like it03:50
davecheneyfrom memory you need to bzr launchpad-login03:50
davecheneyor something (it is documented)03:50
axwdidn't see that, thanks03:50
davecheneyto generate an oauth key so lbox can fiddle with lp on your behalf03:50
davecheneyaxw: protip, do it from a fresh terminal so it can fire 'sensible-browser'03:51
davecheneywallyworld: what is the tag for goose ?03:54
davecheneygoose-1.11.4 ?03:54
wallyworldsince it's a part of juju03:54
davecheneywallyworld: https://code.launchpad.net/~dave-cheney/+recipe/juju-core03:55
davecheney^ while I was there03:55
* davecheney goes to rant on the agenda notes03:55
* wallyworld looks03:56
davecheney^ looking for the lp # for the two (3) bugs fixed03:56
wallyworlddavecheney: goose tag looks wrong in the recipe03:56
wallyworldbug 118950703:57
_mup_Bug #1189507: juju-core duplicates quantum security groups <openstack> <serverstack> <juju-core:Fix Committed by wallyworld> <https://launchpad.net/bugs/1189507>03:57
wallyworldbug 119522303:57
_mup_Bug #1195223: juju all-machines.log is repetitive and grows unbounded <juju-core:Fix Committed by wallyworld> <https://launchpad.net/bugs/1195223>03:57
wallyworldbug 120365803:57
_mup_Bug #1203658: bootstrap fails with openstack provider (cannot get endpoint URL without being authenticated) <juju-core:Fix Committed by wallyworld> <https://launchpad.net/bugs/1203658>03:57
davecheneythanks mate03:58
axwshould I be adding "-cr" to get a Rietveld review going?04:09
axwer sorry, add to lbox propose04:09
axwdidn't see it in the CONTRIBUTING doc, but I didn't get any codereview URL from lbox propose04:09
bigjoolsplz to be reviewing https://codereview.appspot.com/1162104404:11
bigjoolsaxw: I just set up a new lbox and didn't need to do that04:12
davecheneyaxw: you _can_ there is a .lbox file in the root of the repo04:25
davecheneywhich I think does that for you04:25
davecheneyie, it adjusts some of the defaults04:25
axwdavecheney: thanks, I saw that later (and thanks bigjools). I think the propose failed due to my lack of permissions in editing bugs04:26
* bigjools longs for lbox death04:27
davecheneybigjools: we should move to github04:27
* davecheney ducks and is glad he doesn't live in BNE04:27
bigjoolstalking of gits... :)04:28
bigjoolswhatever we do, as long as lbox is not involved I'm good04:30
wallyworldlaunchpad is the company standard tool04:31
wallyworldwe should NEVER have used anything else04:31
davecheneywallyworld: you're probably right, but nobody realised you could manage bzr checkouts in your $GOPATH with lightweight checkouts04:32
* bigjools is using bzr native colo too04:33
wallyworlddid anyone ask?04:33
wallyworldwhy assume such things?04:33
wallyworldit's not like the bzr folks work for a different company or anything like that04:33
davecheneywallyworld: when i joined the team I was told do it this way04:33
davecheneyyou know very well why I wouldn't challenge that04:33
wallyworldyeah, i realise. enough said ;-)04:34
* davecheney thinks of austin, starts to twitch04:34
davecheneywhere the frack did we end up04:34
bigjoolsbzr branch lp:juju then bzr switch -b co:mynewbranch04:34
bigjoolsin other news, the royal lizard hatched04:36
davecheneyi bet all the folks who campaigned for a republic back in 2004 are shitting their pants now04:38
bigjoolsWilliam's heir is coming out04:38
davecheneyright now ? this second ?04:39
thumperbigjools: what?04:41
thumperbigjools: lp:juju is the old juju04:42
bigjoolsthat's what he said04:42
thumperbigjools: also, co: ick04:42
bigjoolsjuju-core then, whatever04:42
bigjoolswhat's wrong with co:?04:42
bigjoolsworks fine for us Reds04:42
thumperI just never liked colocated branches04:44
bigjoolsnormally I have lightweight checkouts and use a sandbox04:45
bigjoolsand no-tree branches04:45
bigjoolsbut go fucked all that over04:45
davecheneyarosales: ping04:47
arosalesdavecheney, pong04:47
thumperbigjools: why, it works for me04:48
thumperbigjools: my branch in GOPATH is a lightweight checkout04:48
thumperand I use switch and pipelines04:48
bigjoolsthumper: first is that "go get" is broken because I aliased bzr branch to use --no-tree04:49
bigjoolssecond is that my no-tree branches are normally in the same dir as go sources, so things get confusing quickly04:49
bigjoolsgo projects, I mean04:49
thumperbigjools: I have ~/src for repos04:50
thumperand branches04:50
thumperand just checkouts in GOPATH04:50
bigjoolsis there an easy way of referencing that when using bzr switch without typing the whole path?04:50
bigjoolsif so, I am totally switching back04:51
davecheneyarosales: if you apt-get update && apt-get install juju-core04:51
thumperbigjools: so here is what I do04:51
davecheneyyou should have 1.11.404:51
davecheneytools are uploading now04:51
davecheneybut precise/amd64 is done04:51
arosalesdavecheney, doing that now04:51
thumperbigjools: let's assume we are starting with $GOPATH/src/launchpad.net/juju-core as a lightweight checkout of ~/src/juju-core/trunk04:51
thumperbigjools: to make a new branch:  bzr switch -b new-work04:52
thumperbigjools: to go back to trunk: bzr switch trunk04:52
thumperswitch looks in the parent dir of the current checkout by default04:52
thumperparent dir of the branch of the checkout04:52
davecheneythumper: didn't you write a document on this ?04:52
thumperdavecheney: yes04:52
bigjoolsthumper: ah parent of the *branch* !04:52
bigjoolsI thought it was parent of the checkout04:52
thumperbigjools: yep04:52
thumperit may well do that too04:53
bigjoolsthat's fucking fantastic04:53
thumperand then: bzr push04:53
thumperbecause the push append_policy is linked to the branch, not the checkout04:53
thumperautomagically goes to the right place in LP04:53
bigjoolshave that bit sussed already04:53
thumperthat is also documented04:53
* arosales has bootstrapped on hpcloud with 1.11.404:54
* davecheney high fives wallyworld 04:55
davecheneydown low !04:55
thumpertoo slow04:55
davecheneyoooh, too slow04:55
bigjoolsfive side04:56
arosaleshttp://pastebin.ubuntu.com/5902956/ thanks for the fast fix and release04:56
bigjoolsscuba dive04:56
arosaleswhy do I only see this error on hpcloud04:59
arosales$ juju deploy wordpress04:59
arosaleserror: no instances found04:59
arosalesif I ran that right after a bootstrap I get that error04:59
* arosales has to wait for a bit longer after bootstrapping04:59
* bigjools believes this can of worms about user expectations was previously discussed05:00
davecheneybigjools: expectations == feedback ?05:01
bigjoolsI think it boiled down to either blocking, or providing feedback, yes05:01
bigjoolsI think someone else referenced this lately: https://en.wikipedia.org/wiki/Principle_of_least_astonishment05:02
wallyworldthumper: this one should be ok for you to +1 now https://codereview.appspot.com/11659043/05:03
axwwhere do reviews get mailed to? or do I need to announce them here?05:05
bigjoolsaxw: branch mail from launchpad05:06
axwbigjools: ok. who do I get to add me to that group? I'd like to be able to see changes as they come in - even if I'm not useful as a reviewer yet05:08
bigjoolsaxw: if you are a member of https://launchpad.net/~juju you should get the email by default05:08
thumperwallyworld: done05:09
axwI'm not (yet). I guess I need mramm to authorise that05:09
bigjoolsdavecheney can auth you05:09
davecheneyi can fix05:09
davecheneythis dance05:10
davecheneywhere we add you to groups via a process of elimination05:10
davecheneywelcome to your new job, please mind your step05:10
bigjoolsalthough personally I detest group mail subscriptions05:10
bigjoolsshould really encourage people to subscribe to the branch manually and turn off mail for ~juju05:11
davecheneyaxw: which of the page of andrew walkers are you?05:11
davecheneywell, that would explain it05:11
axwmy username is confusing :)05:12
davecheneyoh, that should do it05:12
davecheneyaxw: re testing that octal change05:15
davecheneyi guess we don't have anything that is testing that the costs work properly05:16
davecheneypersonally I think all that stuff is shit05:16
davecheneyand is going to make us cry trying to solve the traveling salesman problem of finding the cheapest instance for the customer05:16
axwI don't know it well enough to comment yet, though it strikes me as something that should be automatically generated. Not sure if AWS provides a nice data source for that tho05:21
davecheneyaxw: fwreade will know, he did that bit (under duress)05:22
davecheneythere was some grumbling that it had to be created by hand05:22
davecheneyobviously nothing we use that data cared that the cost of a micro was wrong05:23
davecheneynewsflash, thumper all the 600 phones are sold out05:23
davecheneyyou scored a bargain05:24
thumperdavecheney: that I did05:24
thumperwe are at $3.21m now05:24
thumperso my indicator says05:24
davecheney10% of the way there05:24
davecheney94% of the time left05:24
thumperyeah, not holding my breath05:25
thumperwould be good though05:25
davecheney27 million dollars is a lot of money left05:25
davecheneywhich is sort of a shame05:25
davecheneybecause it casts a shadow on the 3.2mm pledged05:25
bigjoolsok someone please fix CONTRIBUTING to tell me not to use lbox submit05:27
thumperbigjools: submit a patch05:28
bigjoolsif I touch that file I'd be sorely tempted to remove references to lbox05:29
davecheneybigjools: not til we get inline code reviews in LP05:30
* bigjools is leaning on lp devs to do that05:30
bigjoolsheck, could almost do it myself05:30
bigjoolsnot sure of the attraction personally, but if it gets rid of lbox ...05:31
thumperbigjools: sinzui had ideas too05:33
thumperbigjools: perhaps he is easier to ply with alcohol to get it done05:33
thumperbigjools: get him right in that bulmer curve05:33
bigjoolsbulmer curve, lol05:33
thumperbulmer peak?05:34
thumperprobably spelled it wrong05:34
thumperballmer peak05:34
bigjoolsBulmer's is a brand of cider.  It sounded perfect. :)05:34
* thumper likes bulmer's cider05:35
thumpernice on ice on a hot day05:35
arosalesaxw, I saw your comment on 1173093.05:45
* arosales replied no strong opinion either way05:45
axwarosales: yes, thanks for your reply. going to make the change now05:45
arosalesbe nice to get that one knocked out for our docs05:45
arosalesie "showing how to expose a service"05:45
axwjust figuring out bzr at the moment05:46
arosalesmissing a fundamental piece on what port is exposed, regression from juju .705:46
arosalesaxw, thanks05:46
davecheneyarosales: pushed all the other tools05:47
davecheneyare you and jorge happy campers ?05:47
arosalesdavecheney, I have deployed a few services now on hpcloud05:48
arosalesmysql, wordpress, and juju-gui05:48
arosaleslooking good so far05:48
arosalesI haven't checked local provider yet, but I think that is unchanged from 1.11.305:49
arosalesdavecheney, happier camper05:49
arosalesthank you wallyworld and davecheney  :-)05:49
arosalesseeing the hardware info is nice too for machines05:52
arosalesdavecheney, fyi agent versions are at 1.11.3, but working just fine for me.05:52
davecheneyarosales: that can't happen05:52
davecheneythe cli cannot bootstrap with older tools05:53
arosalesdavecheney, I'll destroy and try again and confirm05:54
davecheney-v (always -v)05:54
arosalesdavecheney, did you upload 1.11.4 tools to the hp bucket?05:55
davecheneyhow do I do that ?05:56
davecheneyi don't have permissions to do that05:56
davecheneyi guess mgz or jam must do it when i'm not watching05:56
arosalesI do it manually via the console05:56
arosalesI can add you to that group05:56
arosalesone sec05:56
davecheneyso I think it is magic05:56
arosalesdavecheney, you're an object store admin for juju-public-tools05:58
arosalesI mean you were already an admin, no need for me to add you.05:58
arosalesdavecheney, check out arosales@x230:~$ dpkg -l | grep juju-core06:00
arosalesii  juju-core                                 1.11.4-1~1514~quantal1                            amd64        Juju is devops distilled06:00
arosalesarosales@x230:~$ juju --debug bootstrap06:00
arosales2013-07-23 05:55:00 INFO juju provider.go:115 environs/openstack: opening environment "hp-go"06:00
arosales2013-07-23 05:55:00 INFO juju provider.go:417 environs/openstack: bootstrapping environment "hp-go"06:00
arosales2013-07-23 05:55:10 INFO juju tools.go:26 environs: reading tools with major version 106:00
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:49 reading v1.* tools06:01
arosales2013-07-23 05:55:10 INFO juju tools.go:30 environs: falling back to public bucket06:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:49 reading v1.* tools06:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.10.0-precise-amd6406:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.10.0-precise-i38606:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.10.0-quantal-amd6406:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.10.0-quantal-i38606:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.10.0-raring-amd6406:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.10.0-raring-i38606:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.11.0-precise-amd6406:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.11.0-precise-i38606:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.11.0-quantal-amd6406:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.11.0-quantal-i38606:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.11.0-raring-amd6406:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.11.0-raring-i38606:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.11.3-precise-amd6406:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.11.3-precise-i38606:01
arosales2013-07-23 05:55:10 DEBUG juju.environs.tools storage.go:69 found 1.11.3-quantal-a06:01
davecheney-v will do06:01
arosalesugh sorry06:01
arosalesbuffer wrong06:01
davecheney--debug is overkill06:01
arosalesdavecheney, but I see 1.11.3 agents running from a 1.11.4 client06:06
arosalesdavecheney, if you have a pointer to the 1.11.4 tools I can upload those to HP cloud06:06
davecheneyin related news, https://github.com/andelf/go-curl06:12
davecheneybug fixed upstream06:12
bigjoolsdavecheney: £$$%^~!"£$^%£06:18
mramm2axw: hey06:19
axwmramm2: hiya06:19
arosalesdavecheney, I see the 1.11.4 tools on aws. I'll download from there and upload to hpcloud06:19
mramm2just getting back from OSCON festivities06:19
mramm2how goes?06:19
davecheneymramm2: nothing to see here, move along06:19
mramm2davecheney: haha06:20
axwnot bad, people around here have been helping me get acquainted with launchpad and bzr06:20
mramm2sabdfl is happy with things today06:20
axwworking on a couple of minor bugs06:20
mramm2axw: that's good06:20
mramm2axw: sorry I have not been around much06:20
axwmramm2: no worries06:21
mramm2axw: if you need anything let me know06:21
axwsure thing06:21
mramm2axw: I know we are all excited to have you on board06:21
davecheneymramm2: sure he is, people have promised him 3.2 million dollars06:21
axwglad to be here :)  wishing I wasn't so inexperienced with these tools though06:22
mramm2thumper and bigjools will not lead you wrong -- well, at least not too much, and not more than I would ;)06:22
davecheneyarosales: don't worry, there isnt any prior learning assumed06:22
bigjoolsmramm2: *innocent face*06:22
mramm2axw: well there is an adjustment period to any new job06:22
mramm2bigjools: well, I was being generous ;)06:23
bigjoolsmramm2: happy to return the same generosity :)06:23
mramm2I know -- you are a good dude06:23
arosalesmramm2, wallyworld and davecheney worked on yet another release ;-)06:23
mramm2arosales: davecheney: great stuff06:23
arosalesall wallyworld and davecheney06:24
mramm2I know mims and jorge will be grateful06:24
mramm2arosales: I know, you and I are just managers -- nothing to see here, please move along06:24
* arosales mostly getting in the way06:25
mramm2davecheney: it's not just the phone stuff -- though that is awesome.   sabdifl is also very happy with the local provider and the gui updates -- he is feeling the juju love06:25
mramm2and as we all know "juju is...."06:25
mramm2"fucking amazing"06:26
* davecheney basks in sabdfl's munificence06:26
davecheneydo you want a happy god, or an angry god ?06:26
mramm2davecheney: well, the key is having a competent god ;)06:27
mramm2and I am happy to work for one of those ;)06:27
mramm2lots of winky faces from me this evening -- perhaps I have had one too many beers!06:27
davecheneyhas anyone been able to get to Gustavo's ubuntu-edge.info ?06:27
mramm2I got to it a few min ago06:27
mramm2on my walk back to the hotel06:27
* davecheney tries his phone06:28
davecheneystupid internet06:28
mramm2if only you had an ubuntu phone -- it would all work perfectly!06:28
mramm2we had a "ubuntu in production" bof this evening, and met lots of people using ubuntu in interesting places06:29
mramm2everything from gas-station management to top 100 web sites06:29
mramm2we asked everybody what they wanted from us, and they all told us that we were perfect06:30
mramm2I don't believe it, but it was nice to hear ;)06:30
arosalesmramm2, remind me to tell hazmat that deployer configs need quotes around "no" and "yes" values or deployer chokes06:31
mramm2arosales: I will try to remind you ;)06:32
mramm2arosales: I will likely be busy for the next couple of days -- so you might also want to make a note of it ;)06:32
arosalesperhaps that is a juju-gui export though06:33
arosalesmramm2, roger.06:33
arosalesmramm2, ack06:33
mramm2arosales: the gui is looking great, got good reviews today06:33
mramm2and jorge castro is in seems to have a geek crush on thumper -- aka: the devops bunny06:34
mramm2because of the local provider, which also got good reviews from hazmat06:34
arosalesmramm2, ha06:35
* arosales glad to see it went full screen by default06:35
mramm2not sure if thumper will be able to live that one down06:35
mramm2oh, and BTW, if any of you wants to go to the openstack summit -- we need some good juju related talk proposals06:39
mramm2shoot them my way so that I can coordinate06:39
mramm2next openstack summit is in hong kong, so those of you on that side of the world have the travel advantage ;)06:41
davecheneymramm2: i hear you loud and clear06:42
mramm2well, I have an early morning, talk to you all later!06:45
arosalesaxw, night and welcome06:47
axwarosales: I'm not going, but if you are going also, good night :)06:48
axwand thanks06:48
rogpeppe1mornin' all07:12
rvbaMorning guys… anyone up for a tiny review? https://codereview.appspot.com/11578043/07:13
davecheneyjamespage: mgz wallyworld just doing the tarball for 1.11.407:15
davecheney1.11.4 _does_ include gwacl07:15
davecheneybut does _not_ include go-curl07:15
davecheneyand does not require libcurl-dev07:16
jamespagedavecheney, ack07:19
davecheneyok, that is it for me07:25
davecheneyreleases are released07:25
davecheneyuploads are uploaded07:26
davecheneybuttons pressed07:26
davecheneyticks boxed07:26
dimiternmachiner api-ed07:26
davecheneyopenstack, stacked07:27
dimiternubuntu edged ;)07:27
* davecheney rimshot07:28
dimiternman, more than $3.2M pledged in less than a day07:28
wallyworlddimitern: i won't make the meeting. i'm about to go play soccer07:36
dimiternwallyworld: ok07:39
wallyworldi'm sure you won't miss me07:39
dimitern:) sure07:40
=== ChanServ changed the topic of #juju-dev to: https://juju.ubuntu.com | On-call reviewer: rogpeppe | Bugs: 5 Critical, 76 High - https://bugs.launchpad.net/juju-core/
axwwhat LeanKit board(s) are being used for juju-core? i.e. what boards should I request access to?08:09
rogpeppe1axw: https://canonical.leankit.com/Boards/View/10314806908:11
axwrogpeppe1: thanks08:11
noodles775Hey there. I tried to install from source yesterday, but it failed with "No package 'libcurl' found". I read above that libcurl-dev is no longer required with today's release, so just tried the source again - which doesn't error, but doesn't result in $GOPATH/bin/juju either: http://paste.ubuntu.com/5903326/08:20
noodles775Hrm - nm. It looks like I'm confused by the output of the second "go install" there, the exit status is still 1.08:22
* noodles775 installs libcurl-dev.08:22
rvbanoodles775: go-curl (and thus libcurl) should not be a dependency any more… are you installing from fresh or upgrading?08:25
rvbanoodles775: could you make sure gwacl is up to date by running: go get -u launchpad.net/gwacl08:27
noodles775rvba: thanks. That returns no output. Let me uninstall libcurl-dev again...08:29
dimiternrogpeppe1: so you're doing the upgrader, right?08:31
rogpeppe1dimitern: yes08:31
noodles775rvba: Yep - that compiles now: http://paste.ubuntu.com/5903360/ Thanks!08:31
dimiternrogpeppe1: i'll pick up the deployer then08:31
rogpeppe1dimitern: cool08:31
dimiternrogpeppe1: it needs a StringsWorker, following the same model like the NotifyWorker08:32
rvbanoodles775: welcome :)08:32
rogpeppe1dimitern: are there going to be any others using StringsWorker?08:32
dimiternrogpeppe1: uniter perhaps?08:32
rogpeppe1dimitern: i very much doubt it08:33
dimiternrogpeppe1: firewaller?08:33
rogpeppe1dimitern: can't we just use the existing logic rather than refactoring everything?08:34
dimiternrogpeppe1: you don't think introducing the NotifyWorker was a good thing?08:34
rogpeppe1dimitern: it's a good thing if it's used more than once08:34
dimiternrogpeppe1: so, that's my answer to the above :)08:35
rogpeppe1dimitern: otherwise it's just unnecessary abstraction08:35
rogpeppe1dimitern: the firewaller won't be able to use StringsWorker AFAICS08:35
dimiternrogpeppe1: it uses an environconfigwatcher and environmachineswatcher, the second one is a stringswatcher08:36
rogpeppe1dimitern: how are you going to structure the StringsWorker so that it allows more entries in the core select loop?08:36
dimiternrogpeppe1: more entries?08:36
dimiternrogpeppe1: it should be simple08:37
rogpeppe1dimitern: currently the firewaller listens on 6 things in its select08:37
dimiternrogpeppe1: couldn't we use several workers and put them together, rather than having a single loop?08:38
rogpeppe1dimitern: the NotifyWorker pattern is to listen on 2 things (a watcher and the tomb) and make a callback when one of them happens08:38
rogpeppe1dimitern: i don't see that that would gain us anything but obfuscation08:38
rogpeppe1dimitern: the firewaller control flow is currently quite nice and obvious08:38
rogpeppe1dimitern: i'd be happy to keep it that way08:38
dimiternrogpeppe1: ok then, won't do it for now; we can always refactor it later if needed08:38
rogpeppe1dimitern: thanks08:39
dimiternrogpeppe1: fairly trivial https://codereview.appspot.com/11711043/08:54
rogpeppe1dimitern: i thought i'd done that...08:55
rogpeppe1dimitern: yeah, it's at https://codereview.appspot.com/11586043/08:55
rogpeppe1dimitern: i'm still waiting for a second review08:55
rogpeppe1dimitern: you even reviewed the code :-)08:56
dimiternrogpeppe1: oh :)08:56
dimiternTheMue: can you review this please? ^^08:57
dimiternrogpeppe1: i need it to land to continue on the deployer08:57
rogpeppe1dimitern: well, i'll need another review then...08:57
dimiternmgz: ?08:58
TheMuedimitern: sure08:59
dimiternTheMue: thanks08:59
dimiternrogpeppe1: I'll reject mine then08:59
TheMuerogpeppe1: you've got a +109:03
rogpeppe1TheMue: thanks09:03
dimiternTheMue: sorry, not that09:03
dimiternTheMue: https://codereview.appspot.com/11586043/ this09:03
* TheMue currently builds a test-env for autosync tests09:03
dimiternTheMue: the one you reviewed I closed, because it duplicates rogpeppe1's09:04
TheMuedimitern: done09:04
dimiternTheMue: tyvm09:04
TheMuedimitern: seen it after lgtm'ed it ;)09:04
dimitern:) np09:04
dimiternrogpeppe1: good to go then09:05
rogpeppe1dimitern: ok, it's approved09:05
dimiternrogpeppe1: cheers09:06
jtv2mgz: your oldest pending branch looks about ready to land...09:11
axwjtv2, rogpeppe1: thanks (yes I did confirm pricing on AWS). Do I do "lbox submit" now?09:41
rogpeppe1axw: no; we don't use that any more09:41
rogpeppe1axw: you go to the merge proposal09:41
axwclaim review?09:41
rogpeppe1axw: copy and paste the mp description into the commit message09:41
rogpeppe1axw: then mark the mp as approved09:42
jtv2No need to claim the review.09:42
jtv2Although I always add an Approved vote listing who approved in Rietveld, but that's probably just because I'm used to Tarmac requiring an approval vote.09:42
rvbarogpeppe1: if you have time for a tiny review: https://codereview.appspot.com/11578043/.  William had a look at it on Friday but asked me a question (I replied) and didn't give me a formal LGTM.10:03
rogpeppe1rvba: LGTM10:06
rogpeppe1i'd appreciate a couple of reviews of this please: https://codereview.appspot.com/11680043/10:18
TheMuerogpeppe1: done10:22
rogpeppe1TheMue: thanks10:22
mgzrogpeppe1: so if I understood correctly yesterday, we have an older copy of this from goamz, and this basically takes the newer version?10:23
rogpeppe1mgz: not quite. goamz copied the juju-core version, then updated it. this CL copies back that updated version.10:24
mgzaha, fun.10:24
rogpeppe1mgz: ta10:26
mgzrogpeppe1: have you got opinions on https://coderview.appspot.com/11679044 specifically the status output format?10:58
rogpeppe1mgz: i get a 404 for that link10:58
rogpeppe1mgz: ha, it's funny that coderview is actually a site11:00
rogpeppe1mgz: hmm, i think we should probably keep the same format as the python11:02
rogpeppe1mgz: it's not as if there's a strong convention for tcp:4511:03
rogpeppe1mgz: perhaps we should just change state.Port.String to print tcp/45 instead11:03
rogpeppe1mgz: i can't immediately think of anything that would break11:03
mgzthat would be my preferred option if we can do it without breakage11:03
* TheMue => lunch11:15
rogpeppe1mgz: you've got another review: https://codereview.appspot.com/11548044/11:26
mgzta, I should unheadinsand and land11:27
mgzstandup all?11:33
=== rogpeppe1 is now known as rogpeppe
rogpeppeTheMue: you have a review11:54
TheMuerogpeppe: thanks11:54
dimiternrogpeppe, TheMue: https://codereview.appspot.com/1171304311:55
dimiternTheMue: thanks12:06
TheMuedimitern: yw12:07
rogpeppedimitern: you've got a review: https://codereview.appspot.com/11713043/12:13
dimiternrogpeppe: thanks12:14
dimiternrogpeppe: the server always returns results and they are exactly the same number as the passed args12:16
rogpeppedimitern: we don't want to panic if the client's talking to a dodgy server though, do we?12:16
rogpeppedimitern: otherwise why bother checking the length at all?12:16
rogpeppedimitern: (as you do in the original if statement)12:17
=== gary_pos` is now known as gary_poster
dimiternrogpeppe: hmm12:18
dimiternrogpeppe: ok, but not sure about the return "", fmt.Errorf("no results found")12:19
rogpeppedimitern: well, yeah, choose some appropriate error msg12:19
dimiternrogpeppe: should there be any? the AssignedMachineId from state doesn't behave like this12:19
rogpeppedimitern: that method isn't a bulk method12:20
rogpeppedimitern: if the server returns no results and no error, then there's something gone wrong12:20
dimiternrogpeppe: and the one in the client-side api isn't either12:20
rogpeppedimitern: but the server one is12:20
rogpeppedimitern: so we need to decide what we want to do if the server returns no results and no error12:21
dimiternrogpeppe: how about ErrUnexpected "unexpected server response" ?12:21
rogpeppedimitern: i'd prefer to be a bit more explicit in the error message.12:21
dimiternrogpeppe: fwiw this has to change for all other api client-side methods like this12:21
rogpeppedimitern: how about ErrNoResults "no results found in server response"12:22
dimiternrogpeppe: sounds good12:22
dimiternrogpeppe: and I'll add a TODO to change all other methods like that12:23
rogpeppedimitern: well various places already handle it12:23
rogpeppedimitern: e.g. deployer.State.unitLife12:23
dimiternrogpeppe: like where?12:23
rogpeppereturn "", fmt.Errorf("expected one result, got %d", len(result.Results))12:23
dimiternrogpeppe: that's different12:23
rogpeppedimitern: i think it's exactly the same, isn't it?12:23
dimiternrogpeppe: Life() returns no error, unitLife is used for Refresh()12:24
rogpeppedimitern: it handles exactly the same case12:24
rogpeppedimitern: it's handling a server call that may return no results and no errors in a robust way12:24
rogpeppedimitern: as i'm suggesting you do12:24
dimiternrogpeppe: ok, i'll add the error and add todos as appropriate12:24
rogpeppedimitern: i don't see anywhere else that doesn't do it right12:26
rogpeppedimitern: most places return "expected one result..."12:26
dimiternrogpeppe: ok, so why not instead of adding this extra error nobody else will probably use, change it so it works like the other calls, i.e. "expected one result..."12:27
rogpeppedimitern: sgtm12:27
dimiternrogpeppe: good point about IsResponsibleForUnit(), but how should I call the client-side unit call?12:30
dimiternrogpeppe: unit.IsResponsible?12:31
rogpeppedimitern: hmm12:31
rogpeppedimitern: unit.AmResponsible ?12:32
dimiternrogpeppe: IsAgentResponsible?12:32
dimiternrogpeppe: CanDeploy?12:32
rogpeppedimitern: i like CanDeploy12:32
dimiternrogpeppe: ok12:32
rogpeppedimitern: then the server call becomes CanDeployUnits12:33
rogpeppedimitern: or perhaps just CanDeploy actually12:33
dimiternrogpeppe: sgtm12:34
TheMuestrange, the whole call chain a tools.ErrNoTools is returned. but when I compare this error the "if" fails :/12:41
dimiternrogpeppe: updated https://codereview.appspot.com/1171304312:46
* dimitern bbiab12:47
rogpeppedimitern: could you remind me why the original code checked the assigned machine id, please?13:01
rogpeppedimitern: after all, we've just received the unit name from a watcher which is presumably watching only units for this particular machine13:02
* rogpeppe is called to lunch13:02
dimiternrogpeppe: because we need to know if we are responsible for deploying that unit13:05
dimiternrogpeppe: we're calling assignedmachineid to see if the unit is assigned for deployment, and yes, we only watch units of one machine (the deployer's)13:06
rogpeppedimitern: so what's a scenario where the deployer sees a unit that it's not responsible for?13:30
rogpeppedimitern: isn't the deployer now responsible for deploying subordinate units too? (or is that something that is still in the murky future?)13:31
dimiternrogpeppe: if it isn't responsible for a unit it won't try deploying it13:43
rogpeppedimitern: yes, but why would it see a unit it isn't responsible for in the watcher results?13:43
dimiternrogpeppe: because the unit is not assigned yet13:44
rogpeppedimitern: doesn't the watcher watch only assigned units?13:44
dimiternrogpeppe: hmm13:45
dimiternrogpeppe: good question, have to check13:45
dimiternrogpeppe: it watches all principal units of a machine (assigned ones), and also all subs of these principals (which might not be assigned yet)13:46
rogpeppedimitern: i don't think a sub can be unassigned13:46
rogpeppedimitern: it's assigned by virtue of being a sub of an assigned principal13:47
dimiternrogpeppe: yeah, that's right13:47
rogpeppedimitern: i *think* i see the issue13:48
dimiternrogpeppe: but not sure assignedmachineid returns != "" for subs13:48
rogpeppedimitern: i think it probably would13:48
rogpeppedimitern: but anyway...13:48
rogpeppedimitern: it seems like the watcher doesn't tell you if it's telling you about a unit that's assigned or a unit that's been unassigned13:48
dimiternrogpeppe: it returns the principal's machine id (if assigned)13:49
rogpeppedimitern: it just tells you about changes13:49
dimiternrogpeppe: that seems right, yes13:49
rogpeppedimitern: even though it actually knows what the changes are (added or removed)13:49
rogpeppedimitern: this seems a bit odd, because you can't understand what the watcher's telling you without querying the state, but by that time it might be out of date.13:50
rogpeppedimitern: perhaps this was done as part of the recent StringsWatcher changes13:50
dimiternrogpeppe: how could it be out of date, when you're just checking that?13:51
dimiternrogpeppe: i don't get you, sorry13:51
rogpeppedimitern: well, it might be telling you that it's been just unassigned, but by the time you get around to checking, it's been assigned again.13:52
rogpeppedimitern: i guess it doesn't matter13:52
rogpeppedimitern: it just seems a bit odd, and it's the only reason for this API call you're doing13:54
rogpeppedimitern: if the watcher specified which units were assigned and which units were unassigned, we wouldn't need it13:54
dimiternrogpeppe: perhaps, but we still need to check if it's assigned between we read from the watcher changes chan and we're about to deploy, based on that decision, won't we?13:55
rogpeppedimitern: not really, because that only narrows the race window AFAICS13:55
rogpeppedimitern: anyway, i now think i understand13:56
dimiternrogpeppe: :)13:56
dimiternrogpeppe: it's a bit hairy i guess13:57
rogpeppedimitern: there's a minor security issue which is that this call allows any machine agent to probe for the existence of any unit13:57
dimiternrogpeppe: how come?13:57
rogpeppedimitern: issue the call and see what result you get13:57
rogpeppedimitern: if you get ErrNotFound, the unit doesn't exist; if you get ErrPerm, it does13:57
dimiternrogpeppe: you won't get err not found13:58
rogpeppedimitern: no?13:58
dimiternrogpeppe: where?13:58
rogpeppedimitern: from CanDeploy13:58
rogpeppedimitern: pass it a unit name that doesn't exist13:58
rogpeppedimitern: d.st.Unit will return ErrNotFound (or similar)13:59
dimiternrogpeppe: yeah, and you get result!=true, so you get errperm13:59
rogpeppedimitern: ah, i see13:59
dimiternrogpeppe: ah, you mean client-side?13:59
rogpeppedimitern: no, i'd misread your logic, sorry14:00
dimiternrogpeppe: you'll get nil always, but any next call will return errperm14:00
rogpeppedimitern: i think that code is odd though - it's odd that you can't get false without an error14:00
dimiternrogpeppe: not from the server14:01
dimiternrogpeppe: it always returns errPerm on false14:01
rogpeppedimitern: yeah, that's weird14:02
rogpeppedimitern: how about never returning an error.14:02
dimiternrogpeppe: why?14:02
rogpeppedimitern: because there's no information content in the error14:02
mgzrogpeppe: ah, I'll have to look at godoc example code stuff, that's neat14:02
rogpeppedimitern: result==false => err==ErrPerm; result==true => err==nil14:03
rogpeppemgz: yeah, it works quite nicely.14:03
rogpeppemgz: it's nicer when you can actually have some output - then gotest will run the code and check the output for you14:03
dimiternrogpeppe: let's not hide details like that14:03
rogpeppedimitern: i'm not sure what you mean14:03
rogpeppedimitern: i was just describing the current behaviour14:04
dimiternrogpeppe: I prefer not to do that14:05
rogpeppedimitern: better might be to return an error if we get a non-not-found error from Unit; otherwise return true iff the assigned machine matches14:06
dimiternrogpeppe: that might work14:06
dimiternrogpeppe: ok, sounds good14:06
rogpeppedimitern: cool14:06
rogpeppedimitern: then you won't be discarding the error always like you are currently14:07
dimiternrogpeppe: agreed14:08
rogpeppedimitern: i've made a couple more comments14:10
dimiternrogpeppe: thanks14:10
rogpeppemgz: golang.org/pkg/testing documents the example code conventions FYI14:11
rogpeppemgz: (not the most intuitive place!)14:11
mgzyeah, I was surprised you added it to the test code, but it makes some sense14:11
dimiternrogpeppe: wait a moment14:16
dimiternrogpeppe: if we get notfounderr from st.Unit, we still don't know whether we're talking to an authorized entity14:16
dimiternrogpeppe: that's why i think we still should return errperm, like in the other facades14:17
rogpeppedimitern: i don't think it should matter14:17
dimiternrogpeppe: once we have the unit and it's assigned, we can call authOwner, etc.14:17
rogpeppedimitern: the question the API call is answering is: "can i deploy this unit?"14:17
dimiternrogpeppe: it matters, because returning not found is exactly what you described as "minor security risk"14:17
rogpeppedimitern: i don't think it matters if the answer is "false" for units you can't deploy14:17
rogpeppedimitern: i'm not suggesting that we return not found14:18
rogpeppedimitern: i'm suggesting we return false instead of ErrNotFound14:18
dimiternrogpeppe: the question, as always, implicitly like for every API call is, "can I do this at all?"14:18
rogpeppedimitern: you can ask the question14:18
rogpeppedimitern: that's not an error14:18
dimiternrogpeppe: it's an errperm if we don't know if you're supposed to ask / know that14:19
rogpeppedimitern: but you can't find out anything more than "yes you can deploy this unit" or "no you cannot deploy this unit or it doesn't exist"14:19
dimiternrogpeppe: isn't that the whole point of the call?14:19
rogpeppedimitern: the point of the call is to ask if we can deploy a given unit14:20
dimiternrogpeppe: it's a yes/no question14:20
rogpeppedimitern: why should we return ErrPerm if the answer is false?14:20
rogpeppedimitern: i can't see any possible security hole14:20
rogpeppedimitern: or information leak14:21
rogpeppedimitern: and it just makes the client code more complex14:21
rogpeppedimitern: because it then has to explicitly check for ErrPerm14:21
dimiternrogpeppe: if it's false, and we're authorized, i agree it should be false, nil14:21
rogpeppedimitern: ha ha!14:21
rogpeppedimitern: it can't be false if we're authorized!14:22
dimiternrogpeppe: not now, but it will be :)14:22
rogpeppedimitern: how so?14:22
dimiternrogpeppe: i'll change it to return false, nil if we're authorized and cannot deploy it14:22
dimiternrogpeppe: is that what you want?14:22
rogpeppedimitern: i'm not sure. if i'm the machine agent, the watcher tells me about a unit, the unit gets unassigned, i ask whether i can deploy the unit, then i don't think i should get ErrPerm. it should just return false.14:23
rogpeppedimitern: i can't see any security issue with doing that14:24
dimiternrogpeppe: so the cases are: 1) false, errperm (not found, etc.), 2) true, nil (assignedmachineid == entity.tag), 3) any other case (currently) is the same as 1)14:25
rogpeppedimitern: and it means that the machine agent doesn't need to say "oh, ErrPerm? that actually means I can't deploy the unit"14:25
dimiternrogpeppe: and we can change 3) false, nil to mean (no error, and you cannot deploy it)14:25
dimiternrogpeppe: but I don't see how we can do that14:25
dimiternrogpeppe: and still have permission checks14:26
dimiternrogpeppe: i.e. not leak unnecessary info14:26
rogpeppedimitern: i suggest: 1) false, some-non-not-found-error; 2) true, nil; 3) false, nil14:26
rogpeppedimitern: 1) happens when we get an error talking to the state14:26
rogpeppedimitern: 2) happens if you can deploy the unit14:27
rogpeppedimitern: 3) happens if the unit isn't assigned to the given machine agent or doesn't exist.14:27
dimiternrogpeppe: 1) the error has to be errperm14:27
rogpeppedimitern: why?14:27
dimiternrogpeppe: and 3) you cannot know which machine agent we're talking about14:27
dimiternrogpeppe: at server-side14:28
rogpeppedimitern: huh? we know the authenticated machine agent. that's how we're checking AuthOwner, right?14:28
dimiternrogpeppe: I mean, we know the authed entity, but not how the unit relates to it, until we see assigned machine id14:28
rogpeppedimitern: yes, and?14:28
dimiternrogpeppe: oh boy14:29
rogpeppedimitern: i don't (currently) see how a non-not-found error can leak info14:29
dimiternrogpeppe: I realized I have an error there14:29
dimiternrogpeppe: it has to be authOwner(entity.Tag) && entity.Tag == assignedMachineId to be true, nil14:29
dimiternrogpeppe: that's for 2)14:30
dimiternrogpeppe: and for 1), I already agreed non-not-found errors should be returned as is, otherwise - errperm14:30
rogpeppedimitern: how can authOwner(entity.Tag) ever be true?14:31
rogpeppedimitern: given that the entity is a unit tag14:31
dimiternrogpeppe: entity.Tag => authorized entity's tag14:32
dimiternrogpeppe: that's what I meant14:32
rogpeppedimitern: what's wrong with authOwner(assignedMachineId) as i suggested?14:32
rogpeppedimitern: for true, nil14:33
dimiternrogpeppe: ah, right, sorry - too many variables :)14:33
dimiternrogpeppe: i agree with that14:33
rogpeppedimitern: so, i can't see a time when it's appropriate to return ErrPerm currently14:33
dimiternrogpeppe: but that's what I did anyway14:34
dimiternrogpeppe: machineId, er := unit.AssignedMachineId(); machineTag := state.MachineTag(machineId); AuthOwner(machineTag), no?14:34
rogpeppedimitern: istm that by returning ErrPerm there, we're trying to say "you can't even ask that question", but we're answering it anyway14:35
dimiternrogpeppe: in 2 cases at least14:35
rogpeppedimitern: yes14:35
rogpeppeAuthOwner(state.MachineTag(machineId)) i think i suggested in my comment14:35
dimiternrogpeppe: 1) non-not-found error in st.Unit() -> errPerm, 2) err != nil in assignedmachineId -> errPerm, i think14:35
dimiternrogpeppe: sorry, s/non-not/not/14:37
dimiternrogpeppe: and 3) assignedMachineId == "" -> errPerm, i think as well14:37
dimiternrogpeppe: i.e. until we know the assignedMachineId != "" and err == nil, the error is errPerm, after that it's errPerm only when !authOwner(assignedMachineTag)14:39
dimiternrogpeppe: the truth table grew a lot :)14:40
rogpeppedimitern: sorry, had to take a parcel at the door14:40
rogpeppedimitern: i'd like it if a machine agent cannot get an error in the normal course of asking the CanDeploy question14:41
dimiternrogpeppe: should I summarize it again? (i got confused myself) - 1) err = st.Unit(); err != notFound -> err, else -> errPerm, 2) assignedId, err = u..(); err != nil -> errPerm (i think), else assignedId == "", definitely errPerm, 3) !authOwner(assignedTag) -> errPerm, 4) else - true, nil14:42
dimiternrogpeppe: how about that?14:43
rogpeppe[15:41:44] <rogpeppe> dimitern: i'd like it if a machine agent cannot get an error in the normal course of asking the CanDeploy question14:44
rogpeppedimitern: i don't see how your suggestion addresses that14:45
dimiternrogpeppe: how is that not leaking information?14:45
rogpeppedimitern: i don't think it should be a permission-denied error for a deployer to ask about a unit it's just been told about14:45
rogpeppedimitern: what info does it leak?14:45
dimiternrogpeppe: suppose I'm MA for m0 and asking can I deploy u1, which is assigned to m1 - shouldn't that be errPerm ?14:46
rogpeppedimitern: if i just get the answer "false", what information have i gathered?14:46
dimiternrogpeppe: that perhaps there indeed is a u1 and I'm not allowed to touch it14:47
dimiternrogpeppe: whereas errPerm means you can't touch u1 anyway, so the question is irrelevant14:48
rogpeppedimitern: that's no information. it doesn't tell you anything about the existence or non-existence of u114:48
rogpeppedimitern: "perhaps"14:48
dimiternrogpeppe: no perhaps, sorry, if there isn't a u1 you'll get errPerm anyway earlier14:49
rogpeppedimitern: i suggest you should get false in that case14:49
dimiternrogpeppe: it'll be not found -> errPerm14:49
dimiternrogpeppe: so if u1 exists, I'll get false, nil, and if it doesn't i'll get false, nil, is that what you're saying?14:50
rogpeppedimitern: exactly14:50
dimiternrogpeppe: sorry I mean u1 doesn't exist -> false, errPErm14:50
rogpeppedimitern: yeah, i suggest false, nil there14:50
dimiternrogpeppe: the thing is the existence of u1 changes the result14:50
rogpeppedimitern: how so?14:51
rogpeppedimitern: you get false, nil in both cases14:51
dimiternrogpeppe: u1 doesn't exist (not found -> false, errPerm, earlier), u1 exists -> false, nil14:51
rogpeppedimitern: for the not found case, i suggest (false, nil) as i said earlier14:52
dimiternrogpeppe: why?14:52
dimiternrogpeppe: that's different from all other api calls so far14:52
rogpeppedimitern: because it's perfectly ok for a machine agent to ask about a unit it's just been told about but happens to have been deleted.14:52
dimiternrogpeppe: all others return errPerm on not found14:52
rogpeppedimitern: i think this *is* a bit different14:52
dimiternrogpeppe: don't assume what MA's been told14:52
dimiternrogpeppe: we're talking about the subtle case of a rogue agent here14:53
rogpeppedimitern: i'm not making that assumption14:53
dimiternrogpeppe: what stops an agent from asking for an arbitrary unit14:53
rogpeppedimitern: it can ask for an arbitrary unit, but it can't find out any information about it at all14:53
dimiternrogpeppe: and getting false, nil means either (unit exists, but you cannot deploy it) or (unit does not exist)14:54
rogpeppedimitern: unless that unit has been assigned to it14:54
rogpeppedimitern: yeah, that seems good to me14:54
rogpeppedimitern: you're allowed to ask the question14:54
dimiternrogpeppe: whereas all other calls return errPerm when unit doesn't exist and may return errPerm down the line if you're not authorized14:54
rogpeppedimitern: that's usually because it's an error to try to talk to an entity that doesn't exist14:55
dimiternrogpeppe: returning nil when errPerm should be returned I think is wrong14:55
rogpeppedimitern: in this case, for this particular call, i think that's not true14:55
dimiternrogpeppe: either that or because you're not authorized14:55
dimiternrogpeppe: I don't see how this is different from Life for example14:56
rogpeppedimitern: sure. but i don't want to clutter the nice case for the sake of the rogue case (especially when it makes no difference either way)14:56
dimiternrogpeppe: why should you be allowed to ask for life of arbitrary entities and not get errperm?14:56
dimiternrogpeppe: security is important, even at expense of a bit more complicated ("cluttered") code14:57
rogpeppedimitern: because a life return actually tells you something about the entity14:57
dimiternrogpeppe: even when it's an edge case - designing a good api should account for rogue agents14:57
rogpeppedimitern: saying "you cannot deploy this" does not tell you anything at all about the entity14:58
rogpeppedimitern: i agree entirely14:58
rogpeppedimitern: but there is no security implication from returning (false, nil) for not found14:58
rogpeppedimitern: it just makes the client code slightly nicer14:58
dimiternrogpeppe: well, if we return false, nil in most cases, should we ever return errPerm then?14:58
rogpeppedimitern: i don't think so.14:59
dimiternrogpeppe: so we're keeping the error return only in case there's a problem talking to state and nothing else?14:59
rogpeppedimitern: we have no control over the units that a machine agent asks about, but we can make sure it never finds out any info on units that it cannot deploy14:59
rogpeppedimitern: yes14:59
dimiternrogpeppe: that's the reverse of what we agreed to do in general, but in this specific case i'm beginning to see your point15:00
dimiternrogpeppe: at least I can't see any unnecessary leaks, it's just weird15:00
rogpeppedimitern: thanks. it is indeed a specific case.15:00
dimiternrogpeppe: ok, will change it like that - no errPerm, only err if st.Unit() fails with !notFound15:01
rogpeppedimitern: something like this? http://paste.ubuntu.com/5904401/15:02
dimiternrogpeppe: not quite15:03
rogpeppedimitern: oops, http://paste.ubuntu.com/5904406/15:04
dimiternrogpeppe: AssignedMachineId returns NotAssignedErr most of the time and NotFound only in the case of a subordinate referring to an unknown principal15:04
rogpeppedimitern: ah, good point.15:04
rogpeppedimitern: perhaps just ignore the error from AssignedMachineId15:04
rogpeppedimitern: or http://paste.ubuntu.com/5904411/15:05
rogpeppedimitern: (probably better)15:05
dimiternrogpeppe: well I only really need is machineId != ""15:06
dimiternrogpeppe: I don't think so15:07
dimiternrogpeppe: if it indeed is notAssigned, then machineId == ""15:07
dimiternrogpeppe: and that means false, nil basically15:07
dimiternrogpeppe: (according to what we agreed, substituting errPerm for nil)15:07
rogpeppedimitern: yeah. depends if you care about returning some network error if you get one when calling AssignedMachineId15:08
dimiternrogpeppe: will it be that bad to just ignore the err from assignedmachineid and return false, nil then?15:08
rogpeppedimitern: i'm thinking it would be a bit naughty but ok really15:09
rogpeppedimitern: actually, i think it is worth doing properly15:09
dimiternrogpeppe: err != nil && machineId == "" -> false, nil15:10
rogpeppedimitern: otherwise a machine agent could potentially destroy a unit because of a db error15:10
dimiternrogpeppe: possibly logging the err, what's wrong with that?15:10
dimiternrogpeppe: no, if you're not responsible for it, you won't recall it15:10
dimiternrogpeppe: or deploy it15:10
rogpeppedimitern: if the unit *does* happen to be assigned to the machine and there's a network error calling AssignedMachineId, you'll see (false, nil) and erroneously undeploy the unit15:11
dimiternrogpeppe: it'll be recalled only if it's already deployed and you decide you're not responsible for it anymore15:12
rogpeppedimitern: thus i think it's worth checking for NotAssignedError explicitly15:12
dimiternrogpeppe: yeah, good point15:12
rogpeppedimitern: yeah, but that's a problem if you're *told* you're not responsible for it, but you actually are15:12
dimiternrogpeppe: so machineId == "" || err == NotAssigned -> false, nil then?, other err != nil -> false, err15:13
dimiternrogpeppe: but that seems like a security leak, because we haven't yet checked the authOwner15:13
rogpeppedimitern: yes, in the hypothetical case that a malicious agent can induce a db error for the AssignedMachineId call but not the Unit call, we can leak information about the existence of a given unit15:16
rogpeppedimitern: i considered that, but really, i think it's vanishingly likely, and it's more important to behave well in the error case.15:17
rogpeppes/likely/unlikely :-)15:17
dimiternrogpeppe: hmm15:19
dimiternrogpeppe: it seems remote indeed15:19
dimiternrogpeppe: the check has to be err == NotAssigned || err == NotFound || machineId == "" -> false, nil, else false, err15:20
rogpeppedimitern: not quite, but i'm sure you'll get it right in the code :-)15:20
dimiternrogpeppe: why not? skip the notFound?15:21
rogpeppedimitern: it's more like: err != nil && err != NotAssigned && err != NotFound { return false, err} else if err != nil { return false, nil } else return AuthOwner(machineTag), nil15:22
dimiternrogpeppe: it'll mean faulty state - a subordinate referring to an invalid principal, hence machineId of the principal cannot be determined15:22
dimiternrogpeppe: ah, right :)15:22
rogpeppedimitern: but as i said, i'm sure you'll get it right15:22
dimiternrogpeppe: will see :)15:23
rogpeppedimitern: thanks for bearing with me; sorry it's been a bit long-winded :-)15:23
dimiternrogpeppe: np, I've seen some errors in my ways anyway :)15:23
dimiternrogpeppe: and thanks15:23
rogpeppedimitern: i think it's useful to have this kind of conversation anyway around the security issues, so we know where we're coming from15:24
dimiternrogpeppe: definitely15:24
TheMuestill a bit ugly, but autosync works15:41
dimiternTheMue: \o/15:43
dimiternrogpeppe: updated https://codereview.appspot.com/11713043/ 15:52
rogpeppedimitern: reviewed15:57
dimiternrogpeppe: thanks16:01
mrammanybody know if the latest tools have been uploaded to the HP cloud public bucket?16:07
mrammm_3 reports that he had to do upload tools with the latest, or else he got the previous version tools16:08
mgzmramm: they may well not have been16:15
mgzI'm not even certain who has the creds16:15
mrammarosales: do you know?16:15
arosalesmost folks here have creds.  I can upload now though16:18
arosalesmgz, I think you have creds to the object store for juju-public-tools16:19
* arosales uploading now . . .16:19
mgzarosales: I see an email to jam where you added him, I guess I could have used those details...16:20
arosalesmgz, I think you have your own unique login16:22
mgzarosales: if so, I can't find it in my email archive ;_;16:22
arosalesI think ian or someone asked for a set of folks to have access sometime in may16:22
arosalesmgz, no worries16:22
* arosales uploading now16:22
mgzdo we also need to do anything simplestreams related?16:23
arosalesmgz, I think the public bucket has the image/tools info for AZ116:24
arosalesbut AZ2/AZ3 aren't enabled, and haven't been :-/16:24
arosalesmramm, 1.11.4 tools should be there now16:27
mrammarosales: thanks!16:27
arosalesm_3, ^16:27
rogpeppeha! reviewed everything!17:15
rogpeppesome test race fixes, in case anyone fancies a review: https://codereview.appspot.com/11723043 17:39
rogpeppeand... that's me for the day17:39
rogpeppesee y'all tomorrow17:39
* thumper takes dog for a walk21:21
thumpertrivial review for someone: https://codereview.appspot.com/11745043 23:00
thumperhi mramm23:00
thumpermramm: how goes oscon?23:00
mrammcharm school this morning was good23:01
mramminterest in juju from folks at intel, and several other places23:02
mrammpeople seemed to get it23:02
mrammgui and local provider were highlights23:04
mrammlots of questions about LXC support in general23:04
mrammand some definite interest in manual provisioning23:04
* thumper nods23:06
thumperit seems that mgz is on top of the network stuff, will try to touch base with him tonight my time, Wed morning his time23:06
thumperI'm poking around some manual provisioning ideas23:06
mrammIn about an hour I have an hour of booth duty23:07
thumpertrying not to get too stressed about not knowing how the network stuff is going23:07
thumperjuju booth or ubuntu booth?23:07
thumperbtw, what sort of questions around LXC?23:07
* davecheney waves23:58
