/srv/irclogs.ubuntu.com/2013/09/24/#juju-dev.txt

thumperaxw: hey02:21
thumperaxw: fwereade was considering staying up to chat to you but when he realized what time you started he decided not to :)02:22
axwthumper: yo02:22
axwhehe02:22
thumperaxw: probably about the precheck branch02:22
thumperI've not read is response other than to realize that he made one02:22
axwthumper: I think about the null provider actually02:22
* thumper is busy with kvm02:22
thumperah02:22
axwbut yes, precheck needs work too02:22
thumperexpect a ping from him when he wakes02:22
axwyup, will do02:23
axwthanks02:23
thumpernp02:23
thumperaxw: when a manually provided machine is added, the agents still run as root, right?02:26
axwthumper: yes02:26
thumpercool02:26
thumperjust checking02:26
fwereadeaxw, heyhey05:53
axwfwereade: heya05:53
fwereadeaxw, so, sorry I got confused about the time -- I hope I didn't leave you hanging too badly05:54
axwfwereade: nope, not at all. thumper let me know you realised later about the time :)05:54
axwI would feel quite guilty if you got up in the middle of the night to talk to me ;)05:55
thumperaxw: you get over that :)05:55
axwheh05:55
fwereadeaxw, haha05:55
axwI guess it's inevitable05:55
fwereadeaxw, ok, just catching up on your responses05:56
fwereadeaxw, I *think* that series is maybe still a useful thing to have05:56
fwereadeaxw, because it's the environ that's more or less in charge of making tools, images, etc available to juju05:57
thumperalso... for future container checks05:57
thumperwe probably want the instance id05:57
thumperso we can get the machine05:57
thumperand see if it said kvm was ok05:58
thumperfyi, on ec2, no kvm05:58
fwereadeaxw, and at least a check for "do we have an image available" depends on seriess + type05:58
axwthumper: ah yes, I forgot you mentioned kvm-ok05:58
axwfwereade: fair enough05:58
thumperI plan to have the machine agent run it on start up05:58
fwereadethumper, AFAIK Prechecker will be somehow used inside state05:58
fwereadethumper, so we'll already know the machine05:58
thumperand if kvm-ok fails, then we should record in state that the host machine can't do kvm05:58
fwereadethumper, definitely05:59
thumperfwereade: but is it passed through?05:59
thumperwe probably should05:59
fwereadethumper, not yet05:59
axwthumper: passing through is in a followup05:59
fwereadethumper, we need tofigure out how to get this code where we need it without making baby jesus cry05:59
thumperthat's fine05:59
axwhehe05:59
thumperfwereade: I'm struggling getting the damn kvm code to actually run06:00
thumperconstantly fails for me06:00
fwereade:(06:00
thumperI'm writing the interfaces and mocks06:00
thumperand broker06:00
thumperand stuff06:00
thumperhoping that we can plug working bits in later06:00
fwereadethumper, cool, but if the stuff you'remocking seem flaky...06:00
fwereadethumper, yeah06:00
thumperit is what it is06:00
thumperwe can work with it for now06:01
fwereadequite so06:01
thumperwe know basicly what it will take06:01
thumperso can mock out that06:01
thumperit won't be perfect06:01
thumperuntil the utility code actually works06:01
thumperso I'm mocking out what I think we'll need06:01
thumperas far as params go06:01
thumperthe function calls are known though06:01
thumperstart/stop/list06:01
thumperand that's about it06:01
thumperexcept for the initialize06:01
thumpergo get me an image type code06:02
fwereadethumper, ok, great06:02
axwfwereade, thumper: so I'll put instance.Id in since it'll be used for kvm-ok, and I'll put series in for checking image availability06:02
axw(into PrecheckContainer params)06:02
fwereadeaxw, ah, ok, clearly I'm missing something -- why's the instance id needed there?06:03
fwereadeaxw, thumper: surely what will happen is the machine agent will run and check, and record in state whether kvm is a viable option06:04
fwereadeaxw, eliminating the need to ask the env?06:04
fwereadeaxw, or am I ignorant about something?06:04
axwah yes of course06:04
fwereade(I am surely ignorant about many things ofc)06:04
axwsorry, I'm still getting my head around what's known in state etc.06:05
axwthat makes sense06:05
fwereadeaxw, no worries06:05
axwnope, I'm ignorant :)06:05
axwok. just series then06:05
fwereadeaxw, that's not known yet anyway06:05
fwereadeaxw, cool, thanks06:05
axwfwereade: what's not known?06:05
fwereadeaxw, sorry -- the can-we-run-kvm code doe not *yet* write anything into state to record the results06:06
axwright06:06
fwereadeaxw, but it should/will, so we're good with series + contianer kind06:06
axwfwereade: thanks, I'll update it after proposing my httpstorage auth branch06:07
fwereadeaxw, brilliant, thanks06:07
fwereadeaxw, bah, it looks like I may be off shortly... the power company has scheduled maintenance, apparently06:07
fwereadeaxw, so it I disappear that's where I'll be06:08
axwfwereade: no worries, thanks for coming on early to chat.06:08
fwereadeaxw, and thanks for addressing all those things, those CLs look solid, I'll give them a closer look in a bit06:10
axwcool06:10
* fwereade is always a bit worried about searching for his power company06:11
axwbad reviews? :)06:11
* fwereade fears the consequence of a fat-fingered search for, yes, "enemalta"06:11
axwhaha06:11
fwereadeit's particularly alarming seeing branded fuel tankers driving around the airport06:12
fwereadeaaanyway06:12
axwspeaking of alarming branding, I saw this in a parenting magazine yesterday: http://www.juju.com.au/06:13
fwereadehaha06:16
davecheneyoh dear06:26
rogpeppemornin' all07:04
rogpeppefwereade: hiya07:06
fwereaderogpeppe, heyhey07:06
rogpeppefwereade: martin reviewed this, but suggested another look might be good, so i wondered if you could take a glance before i approve it. https://codereview.appspot.com/13778046/07:06
fwereaderogpeppe, ah, sure07:06
fwereaderogpeppe, btw I will disappear for an unknown period at some point today, power company doing some maintenance07:07
rogpeppefwereade: ok, thanks for the heads up07:07
TheMuemorning07:35
rogpeppeTheMue: yo!08:13
TheMuerogpeppe: btw, the chrome plugin you twittered is nice - but i dropped chrome08:14
rogpeppeTheMue: what do you use now?08:15
TheMuerogpeppe: to much memory and cpu consumption08:15
TheMuerogpeppe: now back to the good old ff08:15
dimiternTheMue, I have exactly the opposite experience with ff and chrome - the latter works faster and its more lightweight on my machine :)08:16
TheMuerogpeppe: imho chrome becomes more and more an own os, only missing a go and a dart ide integrated ;)08:16
TheMuerogpeppe: funny08:16
TheMuerogpeppe: some of my friends switched too and feel better now08:16
TheMuerogpeppe: may depend on the exact plugins one is using08:17
=== ChanServ changed the topic of #juju-dev to: https://juju.ubuntu.com | On-call reviewer: TheMue | Bugs: 12 Critical, 135 High - https://bugs.launchpad.net/juju-core/
TheMuehmm, the number of bugs is only increasing. we need a feature freeze to simply handle those bugs08:18
jamwallyworld_: I'm looking at the fetch code right now, and I see it failing to find sjson in 3 places before it even tries to look for .json: http://paste.ubuntu.com/6149206/08:40
jamthat looks like private-bucket, then ? then tools-url08:40
jamwallyworld_: I thought the goal was to search for sjson then json in private, then fallback to site-tools, then user config?08:40
jamwallyworld_: the issue is that the signed/unsigned flag is being done at a higher level08:42
jamwith "requireSigned"08:42
jamenvirons/tools/simplestreams.go always calls "GetMaybeSignedMetadata(...,requireSigned=true)"before calling it with something else if it hasn't found anything08:43
jamdoesn't that mean when we have juju.canonical.com or even just signed mirror data, it *won't* ever use user-specified unsigned metadata ?08:43
raywangjamespage, ping08:56
jamwallyworld_: I'm also surprised you decided to take our "implicit" URLs before user-explicit URLs (you check the custom urls before "tools-url")08:56
jamhow would a user override an explicit setting in the env? Only by using their private bucket?08:56
wallyworld_jam: i had no choice for the 1.15 release, because for in HP Cloud (for example), the tools url was set automatically and this hid the uploaded tools when using a dev release09:12
jamwallyworld_: how is tools-url set automatically ?09:13
wallyworld_jam: see certifiedclouds.go09:14
wallyworld_it sets up the tools url in config validation09:14
wallyworld_we won't need this once the repository comes online09:15
jamwallyworld_: so... that indicates to me that our layering is probably wrong. Can't we put it into the CustomSources instead of overriding user-config ?09:15
jamwallyworld_: we could call GetCertified... in openstack/provider.go GetToolsSources, couldn't we ?09:16
wallyworld_maybe. it was done later friday night because i was smoke testing for the release and found the issue. but we didn't release 1.15 so it was for nought09:16
wallyworld_i was just trying to get something done so the release would be ok09:17
wallyworld_it's on my list to revisit09:17
jamsure, did you see my point about always searching for DefaultBaseURL+ .sjson *before* searching the private-bucket for .json ?09:17
jamthat will also cause problems when we have "official" locations online09:17
wallyworld_i'm reading it now09:18
wallyworld_the thinking way back when was that signed metadata should take precedence but this could cause issues as you say09:19
wallyworld_jam: the hp cloud url was done in config because i needed to convert the deprecated public-bucket-url into a tools url and that deprecation code lives in config, but i think it can be split out into custom sources09:22
wallyworld_i was initially looking to keep the code dealing with deprecated config values together09:23
jamwallyworld_: sure. It just feels like it should be "user-config" then "private" then "default tools-for-cloud" then "juju.canonical.com"09:23
jam*maybe* private then user-config09:24
jambut right now we have "default-tools-for-cloud" before user-config09:24
wallyworld_sure. but a few short hours before when i thought the release was being done i needed a quick fix09:24
jamnp09:24
wallyworld_tomorrow i should get to do mirrors and hence was making tomorrow my "deal with simplestreams" stuff day09:25
wallyworld_stuff = where to find things09:25
jamnp09:25
jamwallyworld_: I only noticed because I had to touch those bits, and it caused conflicts when merging turnk09:26
jamtrunk09:26
wallyworld_np. i hadn't appreciated/property though about the sjon vs json thing so i'm glad you asked09:26
rogpeppejam, mgz, dimitern, TheMue, axw, natefinch: a small cleanup to the environs.Environ interface: https://codereview.appspot.com/1358704609:48
TheMuerogpeppe: looking09:49
rogpeppeTheMue: thanks09:49
TheMuerogpeppe: reviewed09:55
rogpeppeTheMue: ta!09:55
dimiternrogpeppe, hey he provisioner is ready for review :) https://codereview.appspot.com/13720051/10:17
rogpeppedimitern: cool. i'll take a look soon.10:19
jamespageraywang, hello10:45
raywangHi jamespage, just want to check with you that after deploy ceph-radosgw, anything extra works need to be done for testing s3 or swift compatibility?10:46
=== teknico1 is now known as teknico
jamstandup time10:47
jammgz: dimitern https://plus.google.com/hangouts/_/239d0ac12a07a73dd5a83cc2b9d8bb4047ce20b410:47
jamespageraywang, #juju10:50
raywangjamespage, ok10:50
TheMuehere's my CL for review: https://codereview.appspot.com/13430044/11:08
* TheMue => lunch11:18
natefinchjam - one thing I forgot to mention is that once the maas tags bugs are fixed, I'll need another project to work on, if you have ideas.11:22
jamnatefinch: I would look closely at supporting the work from the weekly agenda https://docs.google.com/a/canonical.com/document/d/1eeHzbtyt_4dlKQMof-vRfplMWMrClBx32k6BFI-77MI/edit#11:22
jamwhether that is doing code reviews11:22
jamor working with Martin on Amazon + VPC stuff11:23
jamnatefinch: also, if you have MaaS up and running11:23
jamthere is something I'm concerned about with our container strategy11:23
jamin that we fire up a container and it grabs an address from the DHCP server.11:23
jamI'm concerned that the MaaS infrastructure itself thinks that these are new machines that it is going to want to PXE boot.11:24
natefinchahh yeah, I remember you mentioned that11:24
natefinchjam I can do some testing on that11:24
jamnatefinch: essentially I think "juju deploy --constraints container=lxc" and then see what changes on the MaaS master node11:25
natefinchjam: I can do that. So that'll deploy a service to a container on one of the nodes, and we just want to make sure maas doesn't think you've added a new node for it to manage, right?11:26
jamnatefinch: right.11:26
jamor at least document what happens so we can open bugs about how we want to fix it11:26
natefinchjam: cool. I'll test that out once I get my maas in working order again.11:28
natefinchsmoser: you around?11:29
rogpeppewallyworld_: i've got a few remarks on https://codereview.appspot.com/13842044 if you can hold off approval for a few minutes11:34
wallyworld_ok11:35
=== Guest47103 is now known as ehw
rogpeppewallyworld_: you have a review11:48
wallyworld_thanks, looking11:48
mgzsorry for missing standup, had to step out11:51
wallyworld_rogpeppe: thanks for the Go tips, will implement those tomorrow before landing11:52
dimiternfwereade, hey11:54
fwereadedimitern, hey dude11:54
dimiternfwereade, provisioner review? https://codereview.appspot.com/13720051/11:54
fwereadedimitern, that took longer than expected11:54
fwereadedimitern, twould be a pleasure11:54
dimiternfwereade, I was wondering where are you11:54
fwereadedimitern, power cut11:55
fwereadedimitern, was apparently scheduled, I found out just today, wasn't expecting it to be like 4 hours though11:55
dimiternfwereade, aw.. well at least it's just 4 hours :)11:56
jamfwereade: welcome back11:57
rogpeppedimitern: quick question: why do non-global provisioners need the environ config at all?12:05
dimiternrogpeppe, afaik they need to know the environ config is saved to state already12:12
rogpeppedimitern: why so? just asking, because in future we won't want them to be able to get access to the env config, so it'll save us work if we can avoid them accessing it now.12:12
jamrogpeppe: so today the code is structured just that we wait for environ config changes and instantiate an "Environ" object12:13
jamwhich needs an EnvironConfig12:14
jamthey then later on do stuff with that Environ12:14
jambut the two parts of the code are pretty far apart12:14
rogpeppejam: what does the local provisioner do with an Environ?12:14
jamrogpeppe: I'm not 100% sure how it all hangs together.From what I can tell it uses "getBroker" which returns either the Environ itself, or an LXCBrokecr12:15
jamBroker12:15
jamrogpeppe: and the Config stuff ends up getting handed off to a lot of places12:16
dimiternrogpeppe, so in short, it seems the lxc one does not need it at all, but that's how the code is written12:16
rogpeppedimitern: I'd much prefer it if the local provisioner never called WatchEnvironConfig12:17
jamso what comes to mind is having an API that returns a minimialistic EnvironConfig, which we later ask another API for the credentials needed for the environment broker12:17
rogpeppedimitern: (i mean WatchForEnvironConfigChanges of course)12:18
rogpeppedimitern: couldn't you only set p.environ if p.pt == ENVIRON ?12:18
jamlooking at the code, it does feel like we have a bunch of switch statements that might look better overall if we just had 2 types12:18
jaman LXCProvisioner12:18
jamvs an EnvironProvisioner12:18
fwereadedimitern, ha, I was just coming to start the above conversation12:20
fwereadedimitern, rogpeppe: so, yeah, the environ stuff is tied in too tightly there12:21
rogpeppeah, i see why12:21
jamfwereade: so I think landing what we have to guarantee API-based provisioner in 13.10 and *then* trying to split things up would be our best way forward12:21
rogpeppei don't think the change would be difficult at all, at first glance anyway12:21
fwereadedimitern, rogpeppe: in particular, it look like an lxc provisioner is waiting for a valid environ config12:21
fwereadedimitern, rogpeppe: else how can it set p.environ12:21
fwereadedimitern, rogpeppe: and that mean we're pooing secrets onto every machine again12:22
fwereadedimitern, rogpeppe, jam: in the name of expediency I could put up with a hack-for-landing that had a p.environ field that was always nil for non-environ provisioners, for example12:23
fwereadedimitern, rogpeppe, jam: but it'd really have to be addressed very soon afterwards12:23
rogpeppethe problem is that ContainerManager.StartContainer wants a config.Config12:24
rogpeppeahhh12:25
rogpeppeso we actually do want a significant portion of the environment config there12:25
rogpeppejust not the secret bits12:25
fwereaderogpeppe, ha, yes, anotherslice through environ config with its own special idiosyncracies12:25
rogpeppebecause we need to call FinishMachineConfig, which needs things like authorized keys,12:25
fwereaderogpeppe, what does FinishMachineConfig use for non-managers aside from the auth-keys?12:26
fwereaderogpeppe, AIUI it is in fact *only* the authkeys we need12:26
rogpeppefwereade: provider type12:27
fwereaderogpeppe, aw, ffs12:28
rogpeppefwereade: and it uses cfg.AdminSecret, which seems wrong12:28
rogpeppefwereade: and StatePort and APIPort12:28
fwereaderogpeppe, nah, that's all after "if !mcfg.StateServer{ return nil}"12:29
rogpeppefwereade: ah! missed that, thanks.12:29
fwereaderogpeppe, I guess provider type i not so bad12:30
jamfwereade: we *are* putting environ creds onto every machine, but we know that, and while it lets you start and stop instances, it isn't the same as giving you root on all the machines.12:30
rogpeppefwereade: for lxc, i presume it's always lxc12:30
jamFor example, you can't actually add ssh keys to machines just with provider creds (only startup ssh keys, etc)12:30
fwereaderogpeppe, but I think there's a pretty good case for a narrower FinishBasicConfig which is called by FinishBootstrapConfig12:31
rogpeppeyeah, after reflection, i think i'm with jam that we should land this now and work towards eliminating environ config later12:31
fwereadejam, it lets an attacker spend a user's money12:31
fwereadejam, keeping those particular credential secret i one of the major points of this12:31
jamfwereade: I agree 100% that we want to get away from this. But I think getting to the point where "root on machine-a doesn't give root on all other machines" is a very useful step forward.12:32
rogpeppejam: +112:32
rogpeppefwereade: i think that this CL is progress12:32
rogpeppefwereade: and it's nice to see it when not too much logic has changed12:32
jamfwereade: the main problem is that we have a "config.Config" and we honestly don't know without a lot of deep inspection what we need out of that.12:33
fwereaderogpeppe, jam, dimitern: I don't care if the provisioner API does something ludicrously dirty like look up SecretAttrs and crap in NO-NOT-YOURS values over what they return12:33
jamso I think incremental steps. But having an EnvironProvider and an LXCProvider will actually clean up the code a bit as well as make it clearer what bits we actually need.12:33
fwereaderogpeppe, jam, dimitern: but we really must not put provider cred on every machine12:33
rogpeppefwereade: agreed12:33
rogpeppefwereade: but that doesn't have to happen in this CL12:33
dimiternexactly12:34
rogpeppefwereade: we don't have to do it all at once12:34
rogpeppefwereade: "progress not perfection"12:34
fwereaderogpeppe: sorry, but this is one of the main point of this work12:34
rogpeppefwereade: sure12:34
rogpeppefwereade: but it doesn't have to happen in *this* CL12:34
rogpeppefwereade: which is already big enough12:34
rogpeppefwereade: and gives us behaviour that's better than we had before12:35
jamfwereade, dimitern: so something like line 158 of state/apiserver/provisioner/provisioner.go after we grab Config.AllAttrs() we could do a "JobHostsStateServer" check and if that isn't part of the unit making the request, we nuke whatever secrets we can ?12:35
jamfwereade: aren't those specific to the provider itself (openstack has different secrets than ec2 than azure)12:36
jamor can we just nuke all secret attrs ?12:36
fwereadejam, yes they are, but we don't need to construct an actual environ to get secrets, that' on EnvironProvider12:36
rogpeppejam: yeah, we can do that (only if the provisioner isn't the global one though, of course)12:37
fwereadejam, but we will probably need to dick around and figure out the types of the secret attrs so we can overwrite them usefully,and in the general case overwriting them usefully may not even be possible12:37
dimiternso do we need an Environ (and its config) in a lxc provisioner at all?12:37
fwereadedimitern, we *need* two values out of the config12:37
dimiternfwereade, which ones?12:38
=== natefinch is now known as natefinch-afk
fwereadedimitern, provider type and authorized keys12:38
dimiternfwereade, why?12:38
fwereadedimitern, they're the ones actually used by FinishMachineConfig for a non-state-server12:38
jamfwereade: so the Environ.SecretAttrs seems to be the only place that knows what the private attributes are12:38
fwereadedimitern, but IIRC we agreed that authorized-keys should come from the machine anyway?12:38
jamstate.EnvironConfig doesn't combine sections or anything12:39
fwereadejam, yeah12:39
fwereadejam, afraid not12:39
dimiternfwereade, how about provider type?12:39
jamfwereade: so I would be fine with a quick hack, but I think if we can have LXCProvisioner than it doesn't need anything like EnvironConfig, it can just do "GetMyProvisionerConfig" sort of call.12:39
jamdimitern: I would guess that we don't actually need environ for LXC provisioner12:40
jamdimitern: but the current code layering12:40
dimiternjam, yeah12:40
jammeans a lot of line-by-line auditing of "can I get here in an LXC provisioner"12:40
rogpeppepersonally I think we should move towards having known attributes in the state in a well known form separate from environ config.12:41
fwereaderogpeppe, yeah, I'm definitely keen on migrating stuff into sensible buckets12:41
fwereadedimitern, I'm trying to figure out why we need provider type12:41
dimiternfwereade, we can do ProviderType() (string, error) api call, like we did with the uniter12:41
rogpeppefwereade: we'd have to be careful around juju set-environment12:41
fwereadedimitern, yeah, indeed12:42
jamdimitern: moving towards that also gets us away from "NewSimpleAuthenticator" running on the LXCProvisioner, which makes it easier to say "this does not actually directly touch Mongo"12:42
fwereaderogpeppe, yeah, definitely12:42
dimiternjam, we don't have to change that - we can change the api not to set mongo passwords12:42
fwereaderogpeppe, but, eh, that stuff's all fatally broken anyway,it only works by luck12:42
jamdimitern: this is more about auditability12:43
jamby sharing the code12:43
jamyou have to look at switches, etc12:43
jamoh, this isn't enabled in this configuration12:44
jamif we split them apart12:44
jamthen there just isn't a state connection object anywhere in the LXCProvisioner12:44
dimiternfwereade, so how about a follow-up that introduces ProviderType() and apiprovisioner.Machine.GetAuthorizedKeys() API calls, and uses that in the lxc provisioner?12:44
jamdimitern: I don't tihnk we need the api to get the ProvisionerType, as cmd/jujud/machine.go is the only place where we ever call NewProvisioner12:44
jamand if we *want*, we can make Provisioner just an interface{}12:45
jamand then implement 2 of them12:45
dimiternfwereade, GetAuthorizedKeys() needs to read the env config internally and return a slice of what?12:45
jamand NewProvisioner returns one or the other based on the flag you passed in.12:45
dimiternjam, it currently does that12:45
fwereadedimitern, GetAuthorizedKeys I think takes an []tag, and retur an []string12:45
dimiternjam, but not as an interface12:46
dimiternfwereade, machine tag ok, and which env config keys should it return?12:46
jamdimitern: no, it currently returns a Provisioner that has an internal flag set. vs a separate type/struct/whatever12:47
jamdimitern: I guess my point is, we shared a bunch of the code because they look "similar" but honestly there are a *lot* of different bits, and I'd like to split them further apart.12:47
fwereadedimitern, it just returns the valueof authorized-keysin config12:47
fwereadejam, yeah, they should unquestionably be split12:47
dimiternfwereade, ok, one per machine12:47
fwereadejam, that was always the original plan12:48
jamand have 2 implementations that share an interface, rather than 1 concrete type that has a bunch of switch statements.12:48
fwereadejam, but the authkeys-in-config scotched it12:48
dimiternfwereade, and then a follow-up that splits the 2 provisioners into separate types implementing an interface12:48
fwereadedimitern, do you know offhand why there's an environ on p?12:48
jamfwereade: GetAuthorizedKeys returns a []{tag: Name, keys []string} doesn't it?12:48
dimiternfwereade, and a third CL, which binds the previous 2 together12:49
jamwell, []{tag: Name, keys []string, Error}12:49
dimiternfwereade, it's an instance broker12:49
fwereadejam, authkey is just a string in the format one would expect in .ssh12:49
rogpeppejam: we current represent a set of authorized keys as a single string12:49
fwereadedimitern, wtf, why's it called environ then?12:49
jamfwereade: []{tag: Name, keys string, Error} ?12:49
dimiternjam, not really - we can co with just StringsResults - no name neede12:49
fwereadedimitern, +112:49
fwereadedimitern, ok, I need to think and read more code a little12:50
dimiternfwereade, because it implements what InstanceBroker's interface was extracted from12:50
jamdimitern: I personally *really* like APIs that return "result + context you requested it"12:50
rogpeppejam: too late :-)12:50
dimiternjam, we need to unnecessary change all calls12:50
dimiternjam, and it's working well already12:51
rogpeppejam: also, it's really not necessary - adds more network traffic and more error conditions to check12:51
jamrogpeppe: slightly more traffic vs being able to actually look at a response and instantly understand it....12:51
jamxml/json are reasonably self documenting over ASN.1 for a reason12:52
dimiternjam, you can look at the request and understand the response12:52
jamdimitern: still takes 2 bits of information, when it could be all together12:52
rogpeppedimitern: +1. without the request, you're pretty much out of luck anyway12:52
dimiternjam, i really don't see this as a drawback12:52
jamdimitern: so if you take this array of things, and sort of squint at it enough, you can line it up with that array of things.12:53
rogpeppejam: i could potentially change the rpc package so it always included all the request data with the response12:53
jam*or* you could write it down as an array of tuples12:53
jamand immediately see the pairirng12:53
rogpeppejam: we never pass more than one thing anyway - the whole point is moot12:53
dimiternjam, and send twice as much over the wire12:54
rogpeppejam: we might possibly one day have two uses for bulk calls12:54
jamdimitern: one is a tag that is 5-10 bytes, one is an authorized-keys string that is 1000bytes, that is not 2x over the wire12:54
fwereadedimitern, ok, so, that environConfig goes on a loong adventure between the getBroker call and the final FinishMachineConfig, but that's the only place it happens12:54
dimiternjam, rogpeppe: if anything, logging api requests and responses can be improved - like print the request data in the response log12:55
fwereadedimitern, so resolving that in this CL is indeed definitely not an option12:55
rogpeppefwereade: +112:55
fwereadedimitern, however I remain unrepentantly opposed to putting secrets,via the API, anywhere that is not known to be authorized to read those12:55
rogpeppefwereade: me too12:56
dimiternrogpeppe, and we need to get rid of these discard * call signature debug logs from the rpc12:56
rogpeppedimitern: they're gone12:56
dimiternrogpeppe, sweet!12:56
dimiternfwereade, ok, it's just a temporary state12:56
rogpeppedimitern: https://codereview.appspot.com/13249054/12:56
dimiternfwereade, it'll be fixed in the next 3 cls12:56
rogpeppedimitern, fwereade: i'd still like a second review of this (martin's request) BTW: https://codereview.appspot.com/13778046/12:57
fwereaderogpeppe, bugger, I thought I texted you -- I'd just finished reading it when the power went out12:57
fwereaderogpeppe, I said "LGTM" :)12:58
rogpeppefwereade: ah, you did! my phone was muted12:58
rogpeppefwereade: i sent you an email, expecting your "from-the-future toy" response...12:58
rogpeppefwereade: thanks12:59
fwereadedimitern, can we have a quick g+ in 5 please?12:59
rogpeppefwereade: ha, looks like a merged it anyway!12:59
rogpeppes/a merged/i merged/13:00
dimiternfwereade, sure, let me start one13:00
dimiternfwereade, https://plus.google.com/hangouts/_/96f599fd9a86362a79be136169847367eaaf553913:01
jamdimitern: http://paste.ubuntu.com/615001613:02
jamfwereade: ^^13:02
jamthat is in EnvironConfig13:03
jamwe already have the AuthEnvironManager13:03
jamto handle stuff like WatchEnvironMachines13:03
jamso we can just use it here to hide all secrets if we aren't an environ manager13:03
dimiternjam, and we need to restrict WatchForEnvironConfigChanges to the environ manager as well as EnvironConfig()13:03
dimiternjam, then we won't need to delete any attrs13:04
dimiternfwereade, i'm waiting13:04
jamdimitern: so I think we need an entirely new structure for non environ provisioners, but if we just want "don't leak secrets to those machines" that should be enough, I think.13:04
jamas in, we can do a bit of testing and land that in 2 hours13:05
jamwell hours not days13:05
fwereadejam, ok, dimitern will be closing the API hole such that the current structure will work without secrets, and in the meantime I'll be finishing the review and trying to come up with a way forward13:25
fwereadejam, well, without *real* secrets anyway13:26
TheMuefwereade: I proposed the latest CL after the review changes again. would you mind to take a look there too?13:29
fwereadeTheMue, will do13:29
TheMuefwereade: great, thx13:30
rogpeppefwereade, mgz, jam, TheMue, dimitern: small review if anyone wants to look: https://codereview.appspot.com/13839046/13:31
TheMuerogpeppe: already reviewing it13:32
rogpeppeTheMue: ta!13:32
TheMuerogpeppe: done13:34
rogpeppeTheMue: thanks13:34
fwereadedimitern, wait, shit -- that SimpleAuthenticator thing needs a valid environ13:36
dimiternfwereade, to call StateInfo() on it, yeah13:38
fwereadedimitern, so we can't plug the hole until we've handled that13:38
fwereadedimitern, it's easy to be fair becaue I'm pretty sure the provisioner is started with an agent config anyway, so it can clone its own13:38
dimiternfwereade, so should I stop doing the masking of the secret attrs then?13:39
fwereadedimitern, that's still necessary, I'm just trying to figure out the ordering13:39
dimiternfwereade, ah, ok13:39
fwereadedimitern, we can land secret masking right now with no impact13:39
fwereadedimitern, but with secret masking in place, we can't land the provisioner until the StateInfo requirement is fixed13:40
fwereadedimitern, but similarly, we can land provisioner with no impact, but then can't land secret masking until StateInfo is dropped13:40
dimiternfwereade, hmm13:42
dimiternfwereade, but the secretattrs that get masked is only one it seems - "secret", and it's needed by the stateInfo only, we don't need to use it, right?13:44
fwereadedimitern, in practice the ec2 secret-key will be masked13:46
fwereadedimitern, preventing us, I think, from reading the instance from storage and figuring out it address13:46
fwereadedimitern, hey13:46
fwereadedimitern, don't we already have API code for saying what the API addresses are?13:47
fwereadedimitern, I guess maybe we don't13:47
dimiternfwereade, we have one for the deployer13:49
fwereadedimitern, yay! then we should surely reuse that13:49
dimiternfwereade, so we get rid of environ.StateInfo() and call the APIAddresses() instead13:50
fwereadedimitern, yeah, I think so, and if it turns out that some annoying client depend on state.Info being meaningful we can just fill it with nonsense in order to move forward13:51
fwereadedimitern, it's nice that we have that auth interface for easy swapping out, innit ;)13:51
dimiternfwereade, the manual provisioner uses the SimpleAuthenticator as well13:52
fwereadedimitern, that's fine, it has legitimate access to the environ13:52
fwereadedimitern has a power cut too13:55
dimiternhmm it seems it was only my e-meter that tripped off14:02
dimiternfwereade, back14:03
fwereadedimitern, ah cool14:04
fwereadedimitern, https://codereview.appspot.com/13720051/ just reviewed14:04
dimiternfwereade, cheers14:05
rogpeppedimitern: a few comments from me too that i forgot to publish earlier14:06
dimiternfwereade, you mean all api watchers should return tags?14:06
dimiternfwereade, none of them do14:06
dimiternrogpeppe, thanks14:06
=== BradCrittenden is now known as bac
rogpeppedimitern: i hadn't noticed that, but for consistency all the watchers should really return tags not ids, i guess14:08
dimiternrogpeppe, you'd have surely noticed if you did a state-to-api migration of existing code :)14:09
rogpeppedimitern: surely i would :)14:10
fwereadedimitern, part of the point of the relation tag changes was so that the watcher could convert them to tags, iirc,did we forget to do that bit?14:10
fwereadedimitern, when we noticed we knew we were stuck with deployer's watchers but I think the others were fine14:11
fwereadedimitern, ie not yet implemented14:11
fwereadedimitern, eh,we both dropped the ball there I guess14:11
fwereadedimitern, what else have we released with non-tag-based watchers14:12
fwereade?14:12
dimiternfwereade, all of them14:12
dimiternfwereade, but I need to check which ones exactly14:13
fwereadedimitern, ok, let's not sweat it now14:14
rogpeppeall tests pass14:14
dimiternfwereade, so machiner, deployer, provisioner and uniter all have stringswatchers that need fixing14:14
rogpeppeyay!14:14
* rogpeppe says, a little wearily14:14
fwereadedimitern, tech-debt bug pointing out that all the StringsWatcher use a silly format but it's two-way transformable without context so nbd really14:14
fwereadedimitern, we'll fix it in our Copious Free Time, but at this stage we may as well be consistent and fix them all together14:15
dimiternfwereade, added bug 122975514:15
_mup_Bug #1229755: Watchers returned from the API should report tags, not ids as changes <tech-debt> <juju-core:Triaged by dimitern> <https://launchpad.net/bugs/1229755>14:15
fwereadedimitern, cheers14:15
rogpeppefwereade: perhas we could change the client code now to accept ids or tags, and transform them to tags if it gets ids. that way it's backward compatible when we move to returning tags from the API14:15
dimiternrogpeppe, this is how all the client (well agent really) code works14:17
fwereaderogpeppe, dimitern, hmm: maybe we could do that in the api stringsWatcher anyway... we can tell what kind a name/id has by inspection, can't we?14:17
fwereadeexcept wait, better yet14:18
dimiternfwereade, except for the relation units watcher14:18
rogpeppefwereade: i'm not keen on doing that if it's still called "stringsWatcher". "tagsWatcher" would be a better name in that case.14:18
fwereaderogpeppe, actually I had it the wrong way round anyway14:19
dimiternrogpeppe, tags are strings14:19
fwereaderogpeppe, stringsWatcher -- *if* it is indeed actually a names/ids/tags/whatever watcher will still want to produce non-tag things14:19
rogpeppedimitern: yes, but strings aren't tags14:19
dimiternrogpeppe, i'm -1 on tagsWatcher14:20
dimiternrogpeppe, perhaps entityTagsWatcher14:20
rogpeppedimitern: sure14:20
rogpeppedimitern: just i'm -1 on anything tag-related inside something that calls itself "stringsWatcher", implying that it's just a bunch of strings with no other attached semantics14:21
fwereaderogpeppe, dimitern: ok, so, we can in that case wrap the existing stringswatchers with wrappers that untag the strings as they land, if they are in fact tags14:21
dimiternfwereade, why so complicated?14:22
dimiternfwereade, we just assume we always get tags14:22
jamespagefwereade, who is looking at juju memory consumption on service units aka bootstrap node won't run on a tiny14:23
fwereadedimitern, because that's the low-impact change we can make today that gives us forward compatibility with anapi that returns tags from watchers, I think?14:23
dimiternfwereade, changing the stringsWatcher to return tags at client-side api seems low-impact to me  too14:24
fwereadejamespage, I think I will have to force some space to look at that myself, I'm afraid :(14:24
fwereadedimitern, except that all the existing code is expecting non-tags14:24
rogpeppejamespage: various of us have been tangientally involved14:25
dimiternfwereade, the needed changes to start expecting tags from these watchers is minimal14:25
fwereadejamespage, I know jam has been looking at it to dome degree too14:25
mgzjamespage: what we're really missing is some expertise from the other side14:25
fwereadedimitern, but there is code out there in the wild that we have released using ids, and changing to tags will mess with them14:25
jamespagemgz: from the other side?14:25
mgzit seems pretty clear something changed on canonistack, but no idea wgat14:25
mgz*what14:26
jamespagemgz, hmm - well I see exactly the same thing on serverstack14:26
dimiternfwereade, I think we messed up pretty much by being lenient about version upgrades14:26
fwereadedimitern, by implementing clients that can handle tags when they land in the future we can avoid changing the API today14:26
dimiternfwereade, and now we lock ourselves in a vicious circle every time we need to change the api in any way14:26
jamespagemgz, and I think I'm seeing a related issue with the mysql charm14:26
mgzwell, or possibly in cloudinit or the images14:26
mgzwe went from being able to run on tiny, to not, one afternoon without the juju code being changed (old versions now also exhibit the problem)14:27
mgzso, there's stuff juju can do to make this work, some of which is documented in the bug, but would be good to understand what exactly broke14:28
fwereadedimitern, yeah, I should have raged and screamed at the first version of the API and insisted on  explicit version handling from the beginning14:28
fwereadedimitern, but the questions of compatibility just shift there really14:28
dimiternfwereade, but fair enough, I see your point with decorating the stringsWatchers at client-side to untag stuff it gets14:28
fwereadedimitern, and honestly, I don't think even that is really worth doing at this point14:29
dimiternfwereade, then we need to change a bunch of watchers in state to return tags directly14:29
fwereadedimitern, hmm, not so sure, I was thinking that tags were really an API language14:29
fwereadedimitern, the first cut at them did I think leak into state, which is a shame14:30
fwereadedimitern, but the transform necessary from id to tag is not hard to do at Next() time14:30
rogpeppedimitern: it's easy enough to change the API in a backwardly compatible way if we want - just return both tags *and* ids for the time being, then deprecate the ids field later.14:30
fwereaderogpeppe, indeed14:30
dimiternfwereade, so we don't need to do anything for bug 122975 for now14:30
_mup_Bug #122975: thunderbird-bin crashed with SIGSEGV in raise() after click in email to show it in the preview pane <mt-needtestcase> <mt-waitdup> <thunderbird (Ubuntu):Invalid by mozilla-bugs> <https://launchpad.net/bugs/122975>14:30
fwereadedimitern, that's a relief14:30
fwereade;p14:30
dimiternoops bug 122975514:31
_mup_Bug #1229755: Watchers returned from the API should report tags, not ids as changes <tech-debt> <juju-core:Triaged by dimitern> <https://launchpad.net/bugs/1229755>14:31
fwereadedimitern, but yeah we don't need to do anything for bug 1229755 either14:31
_mup_Bug #1229755: Watchers returned from the API should report tags, not ids as changes <tech-debt> <juju-core:Triaged by dimitern> <https://launchpad.net/bugs/1229755>14:31
dimitern:)14:31
dimiternfwereade, I didn't quite get this https://codereview.appspot.com/13720051/diff/1/cmd/jujud/machine.go#newcode20114:34
fwereadedimitern, jujud houldn't know about differences between providers14:34
=== hatch_ is now known as hatch
dimiternfwereade, you're asking to add a tech-dept bug, which says something like "We need a MachineJob called JobHostLXCContainers" ?14:35
fwereadedimitern, yeah, we're running LXC based on kooky inferences14:35
fwereadedimitern, we should be getting what to try to run from state, I think14:36
dimiternfwereade, and who should decide whether the machine has that job or not?14:36
fwereadedimitern, the provider14:36
dimiternfwereade, and cmd/juju stuff that adds a machine?14:36
fwereadedimitern, don't think so, no14:37
fwereadehey wait sorry wrong job14:37
fwereadedimitern, ok there is more context mixed in the linked CL14:37
fwereadedimitern, I *think* that we figure out whether we can run containers by asking the environment14:38
fwereadedimitern, but we should talk about this with axw tomorrow morning, I think14:38
dimiternfwereade, ok14:38
dimiternfwereade, morning being? :)14:38
fwereadedimitern, the important thing is that you don't need to take action now but you do need to assign corrective action to yourself and we'll figure out exactly what it should be tomorrow14:39
dimiternfwereade, 10pm our time?14:39
fwereadedimitern, nah, morning our time, I think he's still around then usually14:39
dimiternfwereade, ok, so no bug to file until then14:39
fwereadedimitern, I was going to wait up last night but I don't think he actually get in until 3am or so14:39
fwereadedimitern, I guess the bug is something like "MachineAgent.APIWorker uses witchcraft to start lxc provisioner"14:43
axwfwereade, dimitern: I'm awake for the time being. What's up?14:43
fwereadedimitern, but yeah, we can charactierise it in context with axw tomorrow14:43
fwereadeaxw, heyhey!14:43
axw:)14:43
=== natefinch-afk is now known as natefinch
fwereadeaxw, more layering violations of the kind I was bitching about in the null provider review14:44
axwfwereade: is this the LXC provisioner worker thing in the same area?14:44
fwereadeaxw, machine agent deciding whether to do things based on provider/container type14:44
fwereadeaxw, close but not directly touching14:44
fwereadeaxw, the common thread is that machine agents are depending on environment info that's at the wrong level of abstraction14:45
fwereadeaxw, and that we have a perfectly good mechanism for telling agent what to do already, which is jobs14:45
axwright, as in they check the provider name, rather than checking what capabilities they have14:45
fwereadeaxw, exactly14:46
fwereadeaxw, and I thought that since I am telling both of yu that things must be fixed, and could perhap be fixed by defining new jobs, i thought it would be good for us all to be in sync14:46
rogpeppefwereade, mgz, TheMue, dimitern, axw, natefinch, jam: i'd love it if someone could take a look at this: https://codereview.appspot.com/1357304614:46
axwfwereade: righto14:46
rogpeppeit's unfortunately big, but not really splittable14:46
axwfwereade: so, I was looking at a TODO you left in bootstrap.go regarding customising jobs14:46
fwereadeaxw, yeah, that's the one :)14:47
axwfwereade: I think that's going to be necessary here14:47
axwand that leads to the question I emailed you regarding upgrade14:47
mgzrogpeppe: okay, as it's so small :)14:47
fwereadeaxw, yeah, it's a little fiddly, and in your case involves sending special instructions via cloud-init, I think14:47
* rogpeppe blows mgz a kiss14:47
axwfwereade: for local-storage, yes14:47
axwdimitern: you can reference 1229507 if you like14:49
axwonce one's done, it should be simple to do a second (or third, as is the case)14:49
dimiternaxw, ok, mine will be similar14:49
* rogpeppe goes back to the branch for which i made these changes... 46 branches previously14:50
fwereadeaxw, ok, updating jobs should be pretty tolerable, but there is currently no code that does this IIRC14:51
fwereadeaxw, I will expand on that in the response14:53
TheMuerogpeppe: I like your large ones14:53
axwfwereade: to my naive mind, this sounds like it might require generic upgrade support, which could also be used for state schema upgrades14:53
fwereadedimitern, I will cc you in14:53
rogpeppeTheMue: ha ha!14:53
fwereadeaxw, yeah, and at least the actual upgrading is now behind the api server and could thus perhaps be managed with a bit more finesse14:54
* rogpeppe likes a good double entendre14:54
* fwereade considers that to be barely a single entendre14:54
jamespagemgz, for context the mysql charms attempt to configure mysql with 80% of total memory on a service unit14:57
jamespagethis borkes fairly frequently now14:57
mgzinteresting14:57
jamespagemgz, different openstack deployment but I see the same issue with the bootstrap node on a m1.tiny14:58
mgzso, the main issue we were seeing was on bootstrap, starting jujud during cloudinit setup failing due to being short on memory14:58
TheMuerogpeppe: and please change NewMem() to NewMemory() (or at least NewDisk() to NewDsk(), just to make it similar *smile*)14:58
mgzmysql charm issues is a later point, and there's no mongo install happening14:58
rogpeppeTheMue: somehow NewMemory doesn't do quite the right thing for me as NewMem. I'm not quite sure why.14:59
rogpeppeTheMue: and Mem is a very commonly used abbreviation (e.g. memcached, etc)14:59
mgzjamespage: do you have any clues on what could have changed?14:59
mgzwe were presumably close to the limit previously, but something made everyone start hitting this issue...15:00
rogpeppeTheMue: i'm not sure it's worth bikeshedding over15:00
jamespagemgz, poking again right now15:00
TheMuerogpeppe: still NewMem reads strange ;)15:00
rogpeppeTheMue: to do it right, it would probably be NewMemoryBasedConfigStorage15:01
rogpeppeTheMue: but i'm actually reasonably happy with NewMem15:01
TheMuerogpeppe: yeah, java style15:01
TheMuerogpeppe: ok, can live with it15:01
TheMuerogpeppe: NewMBCS()15:02
TheMue;)15:02
rogpeppeTheMue: :)15:02
TheMuerogpeppe: reviewed15:04
rogpeppeTheMue: that was quick! thanks.15:04
jamespagemgz, doh! I already forced the dataset-size smaller for my config15:05
* jamespage pushed the car back up the hill to see if it crashes next time15:05
TheMuerogpeppe: most have been changes using the NewMem as additional arg, so here the reading has been simple15:05
rogpeppeTheMue: cool15:05
rogpeppemgz: were you reviewing it; if not, i'll approve it now.15:05
mgznearly there15:06
mgznothing substantive15:06
mgzI have some sympathy with TheMue's complaint about NewMem now he's emntioned it15:06
TheMuemgz: also want a change from NewMem to NewMemory? ;)15:06
fwereadeTheMue, lgtm with a couple of comments15:06
TheMuemgz: h515:06
TheMuefwereade: ta15:06
fwereaderogpeppe, onto yours in a few minutes :)15:07
mgzrogpeppe: posted15:07
rogpeppefwereade: cool, thanks15:07
rogpeppemgz: you're dead right about TestDestroyEnvironmentCommandConfirmation; i'll split it.15:08
mgzthere are still so many little aspects of the go language that trip me up...15:09
mgzreturn statements being one of the more trivial...15:09
TheMuefwereade: the hook name export has indeed an error, overlooked that i'm using it in the same package15:12
natefinchmgz: what about return statements trips you up?15:13
mgzthere are so many possible variations to how they'll look in a function15:18
natefinchmgz: I think as long as people avoid bare returns (which I think are an anti-pattern, and I wish they'd do away with them), then it's not so different than other languages... except for the multiple returns15:21
rogpeppefwereade: are you still planning to look at that branch?15:52
fwereaderogpeppe, sorry, the first file is still open16:14
rogpeppefwereade: np; i'm still working on a fix for TestBootstrapWithDefaultSeries live test as it happens16:14
rogpeppefwereade: do you know what the deal is with tools/juju-1.15.0-raring-amd64.tgz versus tools/releases/juju-1.15.0-raring-amd64.tgz ?16:15
rogpeppefwereade: it seems to be uploading to the latter, but StorageName is returning the former16:16
fwereaderogpeppe, huh16:16
fwereaderogpeppe, there is some horrible patching function16:16
rogpeppefwereade: any clues as to where it might be?16:17
* fwereade meditates16:17
fwereaderogpeppe, environs/tool/storage.go, right at the top16:18
fwereaderogpeppe, I would guess there's something screwy about the patching/unpatching16:18
fwereaderogpeppe, *but* I cannot recall why it was needed in the first place16:18
rogpeppeWTF!?!?!16:18
rogpeppewe set global variables for testing purposes, but SetTestPrefix is bonkers16:19
rogpeppeit means that SyncTools is fundamentally not thread-safe16:20
* rogpeppe feels slightly queasy16:21
rogpeppefwereade: ^16:22
fwereaderogpeppe, I do recall seeing it and being scared before, but being on the trail of bigger game, so your surmise is probably correct16:23
fwereaderogpeppe, so we call that outside a testing context?16:23
fwereaderogpeppe, or just that the tests are screwy?16:23
rogpeppefwereade: we call it in ReadList16:24
fwereaderogpeppe, uhh?16:24
rogpeppefwereade: and in copyOneToolsPackage16:24
rogpeppefwereade: which is called by SyncTools16:24
rogpeppefwereade: and Upload calls it too16:25
rogpeppefwereade: as does SyncTools itself16:25
fwereaderogpeppe, well, while it *might* coincidentally be safe, yeah, that's crack16:26
rogpeppefwereade: it's just random side-effects unrelated to the function16:26
rogpeppefwereade: ReadList, for example just changes the global tool prefix if it gets ErrNoTools16:27
rogpeppefwereade: oh actually it doesn't, sorry16:27
fwereaderogpeppe, yeah, I think it always cleans up after itself16:27
fwereaderogpeppe, but it's totally unaware of concurrency16:27
rogpeppefwereade: even if it was, it would be totally wrong16:28
rogpeppefwereade: you could protect it with a mutex and it would be just as wrong16:28
fwereaderogpeppe, yeah, it's a pretty fundamentally insane operation, that stuff should be passed around, no question16:28
rogpeppefwereade: why did the tools need to move, BTW?16:30
fwereaderogpeppe, I have absolutely no recollection of that, I'm afraid16:30
rogpeppefwereade: because we *could* put in lots of extra context and change quite a bit of code that assumes that names are independent of storage context, *or* we could just leave the names as they are16:31
rogpeppewallyworld: ping16:31
rogpeppefwereade: well, i think i'll leave that test as broken as is, as it's currently broken on trunk16:35
rogpeppefwereade: and i'll file a bug16:36
rogpeppefwereade: and i will approve my branch, unless you want to have a look first.16:36
fwereaderogpeppe, I'm reading through it, if I find any reason to panic I will be sure t oinform you16:38
rogpeppefwereade: i'm sure you will :-)16:39
rogpeppefwereade: if you think you'll finish tonight, i'll hold off16:39
rogpeppefwereade: https://bugs.launchpad.net/juju-core/+bug/122983916:46
_mup_Bug #1229839: provider/ec2: LiveTests.TestBootstrapWithDefaultSeries is broken <juju-core:New for wallyworld> <https://launchpad.net/bugs/1229839>16:46
fwereaderogpeppe, nice, thanks16:47
fwereaderogpeppe, LGTM, that's great16:59
rogpeppefwereade: cool, thanks16:59
fwereaderogpeppe, am I sane re: https://codereview.appspot.com/13573046/diff/5001/environs/open.go#newcode101 ?17:00
rogpeppefwereade: yeah, i feel quite good about the direction we're going17:00
rogpeppefwereade: i've been thinking about this issue17:01
rogpeppefwereade: short answer: yes, i was planning on just storing a diff17:02
fwereadeaww17:02
fwereadeit'll be big and smelly and redundant17:02
rogpeppefwereade: because otherwise the attributes may well have changed between the time you call Prepare and the time you call Open17:02
fwereadeloads of auto-inserted defaults17:02
rogpeppefwereade: that's true, but at least you'll have one single place to see all the settings that go into an environment17:03
rogpeppefwereade: that smelliness is actually our genuine stink17:03
fwereaderogpeppe, well, it's still two places if you consider what's in environment.yaml ;)17:04
rogpeppefwereade: eventually, i hope that environments.yaml will actually be replaced by a network call to fetch actual config values17:04
fwereaderogpeppe, I do agree there's a foul smell to the whole thing17:04
fwereaderogpeppe, eh, the CLI should hardly ever need to know them in the first place17:05
fwereaderogpeppe, bootstrap is, I think, the special case17:05
rogpeppefwereade: that's true17:05
rogpeppefwereade: and in most cases, the CLI will never see any attributes at all17:05
rogpeppefwereade: they're only relevant for the bootstrapper17:06
rogpeppefwereade: i think that, for an admin, knowing that they can bootstrap, then copy *only* environments.yaml and environments/name.xxx (ext TBD!) to another machine, is a really useful property17:07
rogpeppefwereade: without needing to remember to copy across any number of provider-specific env vars17:08
rogpeppetoo17:08
rogpeppefwereade: how about we go with "just a diff" to begin with, and if we think it looks too smelly, we can trim it down later.17:08
rogpeppe?17:09
rogpeppefwereade: i've got to go17:19
fwereaderogpeppe, sorry, got called away myself17:19
fwereaderogpeppe, I thought it'd be 5 seconds...17:19
fwereaderogpeppe, the env vars are a very good point, but my heart still yearns for making the provider -- that knows about that -- responsible for recording those17:20
fwereaderogpeppe, I'm not against the env file + environments.yaml, I think that's good, but I don't think it needs defaults inserted17:20
fwereaderogpeppe, values read from other files, probably, yes, though17:21
fwereaderogpeppe, anyway I must return17:21
rogpeppefwereade: we'll chat about this tomorrow17:21
rogpeppefwereade: g'night!17:21
rogpeppefwereade: BTW, only provider defaults will go in, as it's currently structured.17:23
rogpeppefwereade: and it's perhaps actually nice to see what those are17:23
rogpeppefwereade: by my logic above though, we'd should put in authorized keys and all the other defaults, making them concrete.17:24
* rogpeppe is really gone now17:24
natefinchmgz, fwereade. jam: if  there's anyone left online: https://codereview.appspot.com/1380204517:39
mgzlooking17:39
mgzah, and it's one I really should review too17:40
mgztas is stored as a list in Constraints I take it?17:41
mgzhence the change to IsEmpty checks rather than compare to {}17:41
mgz*tags17:41
* mgz j-s it up17:41
natefinchmgz: yeah, I added a comment to that effect after I realized it wasn't going to be obvious at first17:50
mgzI'm still not sure about that vs just storing a space-seperated string17:53
mgz(for other reasons, not because it would save an Isempty function, that's fine)17:53
natefinchin general I really like to store lists of strings as lists of strings... then you let each consumer reformat (or not) as necessary17:53
natefinchthen it's really clear "hey, there's multiple values here"  and you don't have to go look at the implementation to know how to separate the values17:54

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!