[00:17] bigjools: are you around? [00:17] kurt__: yes [00:18] hi - I've been struggling with an issue with OAuthunathorized and juju-gui [00:18] this is with vmware, so I believe it is a clock issue [00:18] the clock on the vm is exactly 7 hours off [00:19] have you had any success with vmware and getting the clocks in the maas clients to sync? [00:19] are you in mountain time by any chance? [00:19] PST [00:19] I've never used vmware with maas [00:19] we have previously used qemu [00:19] it works well, except for this clock issue [00:19] but not for a while [00:20] the unauth problem has been solved now for a long time, what is your exact problem? [00:21] after bootstrap and I go to install juju-gui, the status goes to pending and never does anything past that. [00:21] I look at the maas.log and its full of OAuth unauthorized errors [00:21] is the bootstrap a VM? [00:21] I need to go OTP, back later [00:22] yes [00:29] bigjools: see http://pastebin.ubuntu.com/5979922/ for logging of juju-debug and maas errors here http://pastebin.ubuntu.com/5978813/ [01:10] kurt__: ok back. Is the clock on the bootstrap node also out by 7 hours? [01:12] kurt__: so the logs don't have enough context, can you send the entire log [01:13] ah I see where the time problem comes from now, it's not cloud-init, it's between juju and maas [01:19] no [01:20] bigjools: actually, let me check that, but I believe that is the case [01:20] ah, you see a problem? [01:20] I thought you were talking about booting the nodes themselves, they talk using oauth to the maas api [01:21] but your problem here is definitely the clock skew, you need to fix that, no way around it [01:21] right [01:21] so is there a way to do this with cloud-init? like how it was solved with kvm? [01:21] the problem is between juju and the maas sever [01:22] server [01:22] at least looking at your logs [01:22] so are the clocks out of whack between those? [01:22] I was just spinning the nodes up to check [01:24] it's nothing to do with the nodes [01:25] eh…ok. but the time is off between the root juju node and the maas controller [01:25] yes, that's what I meant, sorry [01:25] the bootstrap node's time needs to be fixed [01:25] http://pastebin.ubuntu.com/5991152/ [01:26] right - but it get fubarred on boot/set up - so isn't that something that can be fixed via cloud-init? [01:26] looks ok then [01:26] no - they are off [01:26] just a different timezone, the utc stamp will be the same no? [01:27] its off by 7 hours no matter what [01:27] oh got it wrong way around [01:27] yes, so fix that :) [01:27] lol [01:27] how? [01:27] its happening on boot/creation of the node [01:27] I don't know, you will need to check the vmware docs [01:28] for now you could set it manually [01:28] or run ntpd [01:28] there is an option to sync the clocks which I have tried both ways, and it has no effect [01:29] do you know how this problem was solved with kvm? [01:29] I don't know if it was ever a problem with kvm [01:29] afaik it just used the host's time [01:31] and if I went the ntpd route, how would I go about making it happen automatically? do I need to hack cloud-init? [01:31] or mount the images and hack those, ugh :( === CyberJacob|Away is now known as CyberJacob [02:12] bigjools: just tested [02:12] in a clean install [02:12] no issues [02:12] whatsoever [02:12] bigjools: i'm guessing they had newer kombu/celery? === CyberJacob is now known as CyberJacob|Away [02:25] bigjools: so just ttested both upgrade from cobbler based maas to newer maas, and fresh install of newer maas and went without issues === CyberJacob|Away is now known as CyberJacob [04:00] roaksoax: ok thanks for testing === CyberJacob is now known as CyberJacob|Away === CyberJacob|Away is now known as CyberJacob === racedo` is now known as racedo === CyberJacob is now known as CyberJacob|Away [13:55] rvba: are you around? I have some questions about maas and azure [13:58] Hi natefinch. [14:00] Go ahead. [14:00] rvba: hi.. I'm a new juju dev, working on a project to add IP Addresses to the info we return on instances [14:02] rvba: starting with maas... is the IP address of a node exposed anywhere? I see they have a hostname, but I don't see IP address as something that you can get from the API [14:03] natefinch: indeed, it's not exposed on the API, but we have the hostnane <-> IP stored internally so it's something we could expose. [14:04] the hostname <-> IP correspondence* [14:04] rvba: that would definitely be useful, save us a DNS lookup at least... but obviously we have to work with what's in the API right now. Just wanted to make sure I wasn't missing anything [14:05] natefinch: of course, we only have that information if MAAS is configured to manage the dhcp server. [14:06] rvba: ahh, hmm, interesting point... so it's not something we would be able to rely on being there 100% anyway. OK, good to know. [14:06] Now that I think of it, I'm pretty sure the IP is displayed on the UI (on a node's page) so it really should be on the API. Let me check… [14:09] natefinch: confirmed (it's even me who added that a couple of weeks ago), the list of IP addresses attached to a node is a field on the json representation of a node you get when querying the API. [14:10] Again, it's the empty list if MAAS does not manage the dhcp server. [14:11] natefinch: https://bugs.launchpad.net/maas/+bug/1064777 [14:11] Launchpad bug 1064777 in MAAS "If a node's IP address is known, it's not shown anywhere" [High,Fix committed] [14:12] rvba: nice [14:14] rvba: now about azure.... [14:15] excellent, and the api is already multiple-ip-address aware [14:16] rvba: the only IP Address I see exposed in azure is on RoleInstance... I'm not really very familiar with the object model of Azure, so I'm not sure if that's the correct place to be getting it from [14:18] natefinch: Azure's model allows you to do complex things. For juju, we use a simple model which is one juju node = one hosted service with one deployment in it containing one role instance. [14:19] rvba: ahh, good, that's exactly the information I was missing [14:19] rvba, given the HostedServiceDescriptor on azureInstance, how do you get to RoleInstance? [14:20] natefinch: we really should put a tiny README file somewhere in the Azure provider code. /me writes a note about that. [14:21] mgz: just one sec, let me check something… [14:21] rvba: this is what I had come up with: http://pastebin.ubuntu.com/5992900/ [14:24] mgz: yes, the way natefinch has done it seems right (modulo the fact that the deployment might be in progress in which case RoleInstanceList[0] will blow up). [14:24] Good point, I'll throw in a check to make sure it's non-empty [14:24] natefinch: is that returning the internal or the external IP address by the way? [14:25] rvba: depends on what that IP address represents :) We're planning to expose both... this was just me hacking around to figure out how the object model works [14:27] natefinch: each machine has an internal IP used for machine to machine communication (that IP belongs to the internal Virtual Network attached — conceptually — to each environment) and an external IP which is what you get when you resolve the hostname. [14:30] natefinch: the IP Address you're returning here is the internal IP. [14:31] rvba: have you guys figured out what the scope of internal ips is? [14:32] mgz: the scope of internal ips? [14:32] is it across the whole cloud, or constrained to your account or deployment? [14:34] natefinch: that's a real-world result of what you get back from a GetDeployment API request to Azure: http://paste.ubuntu.com/5992942/ [14:34] natefinch: as you can see, the external IP is also there, but in the VirtualIPs section at the bottom (AFAIK that's not something gwacl captures but that would be very easy to add). [14:37] that's probably worth doing, can be a follow up merge proposal that depends on a gwacl change [14:38] Very easy for us to do… just file the bug please :) [14:38] I was thinking we could just do it :0 [14:39] Even better :) [14:40] mgz: we want to return both the internal and the external IP, right? [14:41] natefinch: yup, but just the (external) hostname and internal ip is fine for a start [14:41] mgz: ok, cool [14:47] natefinch: fwiw, here is a "graphical" representation of how the Azure provider uses Azure objects: http://paste.ubuntu.com/5992973/ [14:48] rvba: nice, thanks [14:48] natefinch: and here is the result of listing the nodes on a live MAAS server with the CLI (which uses the API): http://paste.ubuntu.com/5992978/ [14:50] rvba: great [14:58] rvba: one last question - are both the maas and azure addresses assumed to be IPv4? [15:00] natefinch: maas parses the lease file written by the dhcp server. Right now the dhcp server is configured to use IPv4. [15:01] rvba: but in theory it could be IPv6 at some point, then? I guess it's safer not to assume v4 [15:01] natefinch: yes [15:01] natefinch: in Azure, gwacl treats the IP as strings. And apparently Azure only speaks IPv4. [15:01] we can detect from the string we get [15:01] rvba: huh interesting. ok [15:01] mgz: yeah, I was just looking at that [15:02] I've not written in every nice constructor for addresses yet [15:03] mgz: no big deal. really, it doesn't need a constructor, the only part that you might want to calculate is the AddressType [15:04] natefinch: internally MAAS uses netaddr which is totally ready to use IPv6 addresses. [15:05] natefinch: right, and NewAddress does that (but doesn't set the other fields) === CyberJacob|Away is now known as CyberJacob [15:42] If I have my internet facing network for maas controller on network A (eth0 - 192.168.1.x) and my maas clients on network B (eth1 - 172.16.118.x) with DHCP enabled - can I give internet access to my clients? Do I need to enable IP forwarding on the maas-controller and what do I need to do for routing? === CyberJacob is now known as CyberJacob|Away [17:23] If I have my internet facing network for maas controller on network A (eth0 - 192.168.1.x) and my maas clients on network B (eth1 - 172.16.118.x) with DHCP enabled - can I give internet access to my clients? Do I need to enable IP forwarding on the maas-controller and what do I need to do for routing? [17:24] kurt__: yeah you'd need NAT for the machines to access the internet [17:25] (but yes ip forwarding) [17:26] kurt__: but nothing for rounting. SO you only need to configure your iptables for NAT and that'd be all [17:28] so are iptables deployed on the clients by default? [17:29] kurt__: iptables are only needed on the maas server because it is the gateway to the internet [17:30] do I need to install iptables to get the NAT'ing I need to make this happen? [17:30] kurt__: yes, you need to configure iptables for NAT to work obviously [17:31] kurt__: for example: http://ubuntuforums.org/showthread.php?t=1715735&p=10608101#post10608101 [17:31] Thanks. I am running in to a problem with juju-gui requiring to do an apt-get update. This is one solution. But it's a little frustrating because it breaks the cloud model for maas [17:33] I guess another solution would be to install a locally mirrored repository [17:33] and do apt-get update against that [17:34] kurt__: so all the nodes you deploy with maas require internet access or as you said local mirror that can be resolved by the clients [17:37] roaksoax: will deploying iptables in the way the guide sent require more administrative tasks in the form of constantly updating iptables for all of my access needs, or does that configuration simply configure NAT and doesn't implement the blocking features of iptables? [17:38] I'm trying to weigh the benefits of each solution. I would assume best practices would be to have a locally installed mirror so it doesn't break mass's cloud model [17:40] kurt__: what are you referring with the cloud model? [17:40] we do say that maas client nodes require internet access to perform package installations [17:41] outside world should not have access to internal clients [17:41] so part of maas is being able to give internet access to the nodes [17:41] so if you do that by NAT'ing then that's completely fine [17:41] ah ok [17:41] I was thinking more along the lines of openstack [17:41] when you configure a default gateway for any node, (which is possible a router) the router does NAT [17:42] I have all of my clients pointed at the internal IP address of my controller [17:42] ie. 172.16.118.10 [17:42] kurt__: right [17:43] ok, I just need to get NAT set up [17:43] I'm deploying on vmware and am close to getting this working [17:43] yeah so that the machjines can get internet access [17:43] dealt with the time clock issues myself [17:43] jamespage: ^^ [17:44] are you deploying aginst vmware vm's? [17:44] yes :) [17:44] most everything is there.... [17:44] very close to getting it all working... [17:44] this is actually vmware fusion on mac osx [17:45] ah! so that's why the clock issues might have been related to.. [17:45] anyway i'll brb [17:45] I was even going as far as to try to get libvirt working in mac osx to auto-boot the machines [17:45] yes, but I figured out how to handle that === CyberJacob|Away is now known as CyberJacob [18:18] roaksoax: these instructions worked: http://wernerstrydom.com/2013/02/23/configure-ubuntu-server-12-04-to-do-nat/ [18:37] kurt__: cool [18:38] apt-get update still isn't working correctly on the client node :( [18:42] kurt__: make sure you can access the internet [18:42] roaksoax: http://pastebin.ubuntu.com/5993771/ [18:44] kurt__: and what happens when you do apt-get update ? [18:44] or sudo apt-get update [18:44] http://pastebin.ubuntu.com/5993719/ [18:45] kurt__: are you sure you are using a correct ppa? [18:45] Err http://ppa.launchpad.net quantal/main i386 Packages 404 Not Found [18:45] kurt__: there's no quantal ppa [18:46] for it [18:46] only precise and raring [18:46] kurt__: https://launchpad.net/~juju-gui-charmers/+archive/stable check there on the "Published In:" [18:47] I was using this guide http://ceph.com/dev-notes/deploying-ceph-with-juju/ originally, then went to the bzr branch [18:48] kurt__: well the PPA being used does not exist. can you pastebin your /etc/apt/source.list [18:49] cat: /etc/apt/source.list: No such file or directory [18:49] kurt__: sources.list sorry [18:50] http://pastebin.ubuntu.com/5993789/ [18:50] kurt__: what about whatever is under /etc/apt/sources.list.d/ [18:52] kurt__: another thing, you are using quantal for that node, while the guide says to use precise (Ubuntu 12.10 LTS) [18:53] http://pastebin.ubuntu.com/5993799/ [18:54] I thought Quantal was 12.10? [18:54] and Precise was 12.04? [18:54] where is this comming from: Failed to fetch http://ppa.launchpad.net/juju-gui-charmers/stable/ubuntu/dists/quantal/main/binary-amd64/Packages 404 Not Found [18:55] the juju-gui-charmers/stable in quantal ppa does not exist [18:55] so there should be a place where that's happening [18:55] or that is [18:55] maybe from the bzr branch I'm using for juju-gui locally? [18:56] maybe [18:56] but that is apt-get update failing [18:56] when I run the apt-get update...right [18:56] so something either in sources.list or sources.list.d/ [18:56] that is being run directly from the node [18:56] has that ppa [18:57] right but that ppa must have been added in sources.list.d/ somehwere for it to show up in apt-get update [18:57] its in the pastebin I put in I think [18:58] in /etc/apt/sources.list.d/juju-pkgs-quantal.list [18:58] yeah that's for juju [18:58] but not for juju-gui-charmers PPA [18:58] this =-> http://ppa.launchpad.net/juju-gui-charmers/stable/ubuntu/dists/quantal/main/binary-amd64/Packages is ppa:juju-gui-charmers/stable [18:58] ah…I should be looking on root node I think [19:14] I missed this one: http://pastebin.ubuntu.com/5993870/ [19:16] roaksoax: do I need to comment one of those out or remove that entirely? [19:26] kurt__: comment it out and do: sudo add-apt-repository ppa:juju-gui-charmers/devel [19:26] maybe the charm tries to import that ppa that doesn't exist [19:26] I just hacked it to point to precise -is your way better? [19:27] I was looking at this https://code.launchpad.net/~bac/charms/precise/juju-gui/unified-ppa/+merge/167039 [19:28] you could do that but that's pretty much a broken approach on how to obtain things if the systems is quantal and you are trying to install precise packages [19:30] are you referring to what they are doing in the url or my approach with hacking for precise? :) I assume the latter [19:30] yeah [19:30] the latter [19:31] check the juju-gui charm you are using, probably it is the one setting that repository (ppa) when it shouldn't [19:31] or maybe you need to use precise instead of quantal [19:31] this should relly be uncomplicated [19:31] isn't that the purpose of charms? :P [19:31] lol [19:31] yes [19:31] exactly [19:31] but maybe you are deploying a precise charm in quantal [19:32] and that's whats causing the issue [19:34] that is exactly what I'm doing [19:34] then that's why it is failing [19:34] you shoul;d be using precise [19:34] because there's no quantal charm for juju-gui, right? [19:34] yeah [19:35] there's probably a bug in that charm too [19:35] besides the one that is referenced in that ceph guide - which appears to be broken [19:35] yeah probaly things chagned since it was written (the guide) [19:35] so what do you suggest? [19:35] redeploy in precise [19:35] reverting to precise [19:35] ok [19:35] kurt__: or check the charm config for the juju-gui charm [19:36] to see if it allows you to change the ppa where to install juju-gui from [19:37] what part of the charm controls that, do you know? [19:38] or is it done in the environments.yaml? [19:38] maybe in config.yaml [19:38] i'd sugesst that the easiest is to use precise [19:38] the easies and fastest [19:39] can precise images be easily mixed with quantal maas cntrl? [19:39] yes [19:39] when you juju deploy you can specify the release you want to install IIRC [19:39] or you do it in environments.yaml [19:40] http://pastebin.ubuntu.com/5993936/ [19:40] will I need to destroy my maas environment then? [19:40] kurt__: yeah change that to precise [19:41] kurt__: yeah [19:41] darned :) [19:41] hold on [19:41] getting all of the time stuff to work correctly is a bit of a pain [19:42] heh not really, it is quite easy tbh [19:42] not with vmware ;) [19:42] but i guess we lack some documentation to get quick started [19:42] I have to set stuff manually in vmware [19:43] to get OAuth to work [19:46] roaksoax: were you checking something before I move forward? [19:46] you asked me to wait [19:47] yeah but nonne replies [19:51] yeah just destroy and restart [19:59] ok. thanks roaksoax. This has been a process trying to get this working :D [20:04] heh i bet ;) [20:35] roaksoax: what's the destroy env command for maas? [20:36] kurt__: juju destroy-environment [20:37] that's juju [20:37] oh, that's all I need to do then, right? [20:37] maas will recommission nodes [20:37] got it [20:40] do I want to get rid of that juju-origin: ppa parameter? [22:41] roaksoax: success! juju-gui running on vmware fusion on mac osx! :D [22:42] kurt__: nice!! see it wasnt so hard once you use precise ;) [22:44] I had a lot of problems in the beginning. I think its essential for the internal clients to have internet access. [22:44] Next on the agenda is to get openstack working :) [22:45] And to make libvirt work with OSX so maas can automatically start hosts. That part is tricky === CyberJacob is now known as CyberJacob|Away