/srv/irclogs.ubuntu.com/2013/12/17/#juju-dev.txt

thumperhazmat: ping01:12
hazmatthedac, pong04:45
hazmatwhoops04:45
hazmataxw, ping04:45
axwhazmat: heya04:46
axwjam: are you around? if so, can you please prod the bot?06:03
jamaxw: looking06:03
jamaxw: poked, it should be trying to merge rogpeppe1's branch right now (473-parallel-try)06:08
axwthanks jam06:08
dimiternjam, ping09:00
jamdimitern: pong09:00
dimiternjam, i need some bzr surgery :)09:00
jamwhat's up?09:00
dimiternjam, I removed the current branch I was working on using rmbranch (didn't even get a warning!, but I'm usually careful not to do that)09:01
dimiternjam, and now pretty much every command returns bzr: ERROR: Not a branch: "/home/dimitern/src/juju-core/223-putcharm-uses-charm-upload/.bzr/branch/".09:01
dimiternjam, is there an easy way to reset that and switch to trunk?09:02
jamdimitern: bzr switch trunk --force09:03
dimiternjam, wow! tyvm it worked :)09:03
jamdimitern: by default switch does some sort of introspection on the "current" branch, which obviously doesn't work well when it isn't there, but --force skips that step09:03
rogpeppe1mornin' all09:05
axwhey rogpeppe1. your branch timed out in the tests in utils/parallel earlier. I couldn't reproduce it on my machine, but haven't looked into the code in detail yet09:08
rogpeppe1axw: yeah, i just saw that09:08
rogpeppe1axw: i can't repro either09:08
rogpeppe1axw: :-(09:08
rogpeppe1axw: it's a pity that the output for a timed-out test is so meagre09:09
axwindeed, don't even get to see which test it was...09:09
rogpeppe1yup09:09
dimiternjam, I was already dreading the possibility that I actually need to start from scratch :)09:09
rogpeppe1axw: i'm just trying with go1.1.2 in case that makes a difference09:12
axwrogpeppe1: okey dokey. I'll do some code inspection to see if I spot anything09:12
rogpeppe1axw: that would be useful, thanks09:12
rogpeppe1axw: still passes consistently with go1.1.209:13
axw:(09:13
rogpeppe1axw: i guess i'll try it in a machine in the cloud09:39
axwrogpeppe1: I'd try it on my underpowered VM, but my server's crapped itself09:40
dimiternrogpeppe1, I think you'll like this https://codereview.appspot.com/4333004310:09
rogpeppe1dimitern: looking10:09
axwrogpeppe1: it would appear that something in the trySuite is leaking goroutines. I added -test.cpu=1,1,1,1,1,1,... and number of goroutines keeps going up, and runtime keeps going up10:20
axwpossibly related, but ...10:20
axwseems unlikely10:20
rogpeppe1axw: it will probably go up for a while, but then settle down - it leaks a few goroutines that sleep for 4 or 5 seconds10:21
axwrogpeppe1: didn't ever go down, but I may not have waited long enough10:21
rogpeppe1axw: hmm, i'll have a look10:22
axwI'll keep digging10:22
axwrogpeppe1: trySuite.TestStartBlocksForMaxParallel10:24
axwgtg10:24
rogpeppe1axw: thanks10:24
rogpeppe1axw: yeah, i've just repro'd that10:27
rogpeppe1axw: it would have to be the last test i added...10:28
mgzjamespage: free for a fast catchup?10:35
mgzjamespage: er... actually, ignore me10:38
mgzjam: free for a fast catchup?10:38
rogpeppe1found the problem!10:39
dimiternrogpeppe1, mgz, jam, standup10:45
mgzdimitern: I'll have to skip as in sprint, but can give update on irc10:48
dimiternmgz, sure, go for it10:49
mgzat mini-sprint in london trying to help the CI guys with testing in charms, testing with charms, and testing juju setups10:52
mgzif there are any questions that come up over the next few days will bug people here for answers where I'm not sure10:53
dimiternrogpeppe1, btw while fixing the test, I have a couple of comments on https://codereview.appspot.com/42760043/11:02
dimiternrogpeppe1, i'll publish them shortly11:02
rogpeppe1dimitern: please do - i was about to push and re-approve11:03
dimiternrogpeppe1, sent11:06
jammgz: sorry I missed you earlier. So when I went to sign up my son yesterday, one of the after school activities didn't show, so I had to go *again* today to actually sign him up. I have a 1:1 with Nate, but then I'm available to chat after that11:10
mgzjam: sure, I'll find a gap11:11
dimiternrogpeppe1, and you've got another review11:23
rogpeppe1dimitern: ta!11:33
axwrogpeppe1: what was the issue?11:48
rogpeppe1axw: the loop was spinning11:48
rogpeppe1axw: so nothing made progress11:48
axwrogpeppe1: in the test or code-under-test?11:48
rogpeppe1axw: i'm a bit surprised that nothing made progress even with GOMAXPROCS>1 actually11:48
rogpeppe1axw: in the code under test - it was a bona fide bug11:49
rogpeppe1axw: the problem was that i was closing t.close, and always reading from it11:49
rogpeppe1axw: trivially fixed11:49
axwah, not setting to nil?11:49
rogpeppe1axw: yeah11:49
axwyeah I see it11:49
axwcool11:49
rogpeppe1axw: the fix actually made the code slighly simpler, which was nice11:50
axwrogpeppe1: I changed my code to using parallel.Try today. seems a bit more convoluted now due to the need to retry, but I may just have overlooked a simple alternative11:55
axwonce your MP is landed I'd appreciate a glance over11:55
rogpeppe1axw: i'd put the retries inside the functions started by Try11:56
axwrogpeppe1: that's what I did :)11:56
dimiternrogpeppe1, review poke11:56
axweach one is given a channel to wait on that's closed when it should stop retrying11:56
rogpeppe1axw: Try does that for you, right?11:56
rogpeppe1dimitern: thanks; getting back to it :-)11:57
dimiternrogpeppe1, cheers :)11:57
axwrogpeppe1: maybe I've overcomplicated it. my current code caters for stopping retries on individual addresses11:57
axwrogpeppe1: for pathological case where addresses come and go11:57
axwmaybe it should just keep going forever (until one wins or global timeout) for each address it sees?11:58
rogpeppe1axw: i'm just wondering that too11:59
jammgz: poke12:14
axwrogpeppe1: when you have time, https://codereview.appspot.com/40860048/12:17
rogpeppe1axw: will do after this12:17
axwthe parallel.Try bit is all in provider/common/bootstrap.go12:18
axwrogpeppe1: nps12:18
axwthanks12:18
dimiternrogpeppe1, I was thinking of renaming UploadCharm to UploadLocalCharm actually, because we've been just discussing with william about having an Upload[Charm?]StoreCharm to deal with CS urls12:19
rogpeppe1dimitern: so you can override the default charm store fetching?12:19
rogpeppe1dimitern: reviewed12:21
dimiternrogpeppe1, yeah, all the charm upload ops will be performed by these two methods, which will get rid of some code duplication12:21
dimiternrogpeppe1, thanks12:21
rogpeppe1dimitern: so how would the api Deploy call work?12:22
rogpeppe1dimitern: would that need to call the api itself?12:22
mattywfwereade, any news on that branch? is there stuff I need to be fixing?12:23
rogpeppe1dimitern: sorry, i probably mean the api AddService call12:23
dimiternrogpeppe1, right now there is some shared code between the CLI and API - DeployService12:23
fwereademattyw, sorry, I'll reapprove, the bot was throwing a fit12:23
dimiternrogpeppe1, I'd like to move all that code into the ServiceDeploy API call and make use of the UploadCharm calls in there12:23
rogpeppe1dimitern: i think i'm confiu12:24
rogpeppe1dimitern: i think i'm confused12:24
rogpeppe1dimitern: are you suggesting that we add an api call UploadStoreCharm?12:24
fwereaderogpeppe1, basically yes12:25
rogpeppe1dimitern: so how would the ServiceDeploy API call be implemented (server-side)?12:25
fwereaderogpeppe1, it means "go and do this charm-related operation that has hitherto been hidden away inside deploy/upgrade-charm"12:26
rogpeppe1fwereade: so this is essentially an AddCharm call?12:26
fwereaderogpeppe1, ServiceDeploy would start with "if the charm url isn't already recognised, barf"12:26
fwereaderogpeppe1, yeah12:26
rogpeppe1fwereade: with no uploading from the client to the server?12:26
fwereaderogpeppe1, we'd have to deprecate12:26
fwereaderogpeppe1, yes12:26
dimiternrogpeppe1, exactly12:27
rogpeppe1fwereade: ah, that makes sense. but i don't think that "Upload" is great in this context12:27
fwereaderogpeppe1, fair enough, I'm not married to the name12:27
rogpeppe1fwereade, dimitern: it made me think that it was something that the client was uploading12:28
fwereaderogpeppe1, there's some advantage to having it rhyme with the local version12:28
rogpeppe1fwereade: perhaps we should call them both Add(Local)?Charm12:28
fwereaderogpeppe1, sounds good?12:28
rogpeppe1fwereade: AddCharm(*charm.URL); AddLocalCharm(*charm.URL, charm.Charm)12:30
rogpeppe1dimitern: what do you think?12:30
dimiternrogpeppe1, why Add when we're doing an upload?12:33
rogpeppe1dimitern: because we want them both to rhyme, and Upload is inappropriate for the other one12:33
dimiternrogpeppe1, in both cases really - there's always a "upload to provider storage" step12:33
axwfwereade: I updated the DestroyEnvironment API based on our previous discussions (https://codereview.appspot.com/41280043/). The API call can still render the environment unusable (apart from destroying things) if there are manual machines, if two API clients race. I'm nervous about allowing them to leak, but if you feel strongly enough I can remove that12:33
rogpeppe1dimitern: and they're both adding a charm - one just happens to take the charm from locally12:34
rogpeppe1dimitern: i think of that as an implementation detail - it's downloading as much as uploading12:34
fwereadeaxw, thanks, I will try to get to it soon, today is meetingy again though12:34
dimiternrogpeppe1, well, i suppose so12:34
axwfwereade: no worries12:34
rogpeppe1dimitern: in the future, we probably won't store charms in provider storage, so it'll be even more like download-only12:35
dimiternrogpeppe1, AddStoreCharm perhaps? instead of AddCharm - too generic and confusingly similar to AddLocalCharm, without providing a distinction12:36
rogpeppe1dimitern: i think AddCharm is better because it gives freedom to expand to allow other kinds of URL in the future12:36
rogpeppe1dimitern: for instance we might allow the API server to download github charms directly.12:37
dimiternrogpeppe1, ok, fair enough12:37
rogpeppe1dimitern: it's really "add this url" - we just happen to support only cs: prefixes currently12:37
rogpeppe1dimitern: i just noticed something dubious12:38
rogpeppe1dimitern: why are you using GetNonValidatingHTTPClient ?12:38
dimiternrogpeppe1, because the API server's cert is self-signed12:40
rogpeppe1dimitern: no it's not12:40
rogpeppe1dimitern: it's signed by the CA public key, which we have12:40
rogpeppe1dimitern: the websocket connection is appropriately verified12:41
rogpeppe1dimitern: the POST should be too12:41
dimiternrogpeppe1, somehow I couldn't make a connection with it without skipping the validation12:42
rogpeppe1dimitern: you'll need to add the CA cert to the trusted root keys12:42
dimiternrogpeppe1, the SSL cert for a web server is different than others - domain name needs to match12:42
dimiternrogpeppe1, how do I do that?12:43
rogpeppe1dimitern: how is the websocket code not talking to the web server?12:43
dimiternrogpeppe1, I don't get any issues with the websocket connections, only with HTTPS ones12:43
rogpeppe1dimitern: did you try setting the tls config?12:43
dimiternrogpeppe1, where?12:44
rogpeppe1dimitern: in the http Transport12:44
rogpeppe1dimitern: one mo, i'll investigate12:44
dimiternrogpeppe1, i'm not sure what are you referring to12:44
dimiternrogpeppe1, when I try using http.DefaultClient instead of utils.GetNonValidatingHTTPClient, I get this http://paste.ubuntu.com/6588688/12:50
rogpeppe1dimitern: you can't use http.DefaultClient12:50
rogpeppe1dimitern: i'm just writing a code fragment for you12:50
dimiternrogpeppe1, why not?12:51
rogpeppe1dimitern: because DefaultClient uses the default root CA certs, which don't include the juju ones12:51
dimiternrogpeppe1, that seems wrong - inventing a self-signed ca cert and using it12:55
rogpeppe1dimitern: huh?12:55
rogpeppe1dimitern: that's the entire basis of our server authentication12:55
rogpeppe1dimitern: what's wrong with using your own certs?12:56
rogpeppe1dimitern: anyway, it's not self-signed - it's just a very short chain :-)12:57
dimiternrogpeppe1, well, anyway12:57
dimiternrogpeppe1, it strikes me as odd12:57
rogpeppe1dimitern: how else can we verify what server we're talking to?12:57
dimiternrogpeppe1, i'm not going there12:59
dimiternrogpeppe1, :) a discussion for another time perhaps12:59
rogpeppe1dimitern: honestly, if you think there are issues with our security model, it would be good to know about them13:00
dimiternrogpeppe1, i think it's inconvenient for others, that want their own hosted juju stuff to talk with standard clients13:01
rogpeppe1dimitern: unfortunately i think that juju is fundamentally incompatible with the standard client authentication model13:02
rogpeppe1dimitern: s/client auth/http server auth/13:02
rogpeppe1dimitern: for one, we don't have a well known domain name that the API server lives on13:02
dimiternrogpeppe1, not really - as far as tls is concerned13:02
rogpeppe1dimitern: for another, we don't want to require everyone that runs a juju API server to buy a certificate13:03
dimiternrogpeppe1, having the private and public key available makes is very easy for anyone to mount MITM attacks against a running environment13:04
rogpeppe1dimitern: how is the private key available?13:04
dimiternrogpeppe1, well, not very easy, but it's plausible13:04
dimiternrogpeppe1, isn't it in the source?13:04
rogpeppe1dimitern: no13:04
rogpeppe1dimitern: it's created when the env is prepared13:05
dimiternrogpeppe1, so how does the server use it for decryption?13:05
dimiternrogpeppe1, ah, ok13:05
rogpeppe1dimitern: the server is given the private key when it's bootstrapped13:05
rogpeppe1dimitern: (and in general, tls keys are never used for encryption or decryption)13:05
dimiternrogpeppe1, having the ca cert and key, can you generate a key that works for certain environment?13:06
dimiternrogpeppe1, they are, in the handshake process13:06
=== gary_poster|away is now known as gary_poster
rogpeppe1dimitern: diffie-hellman isn't really encryption13:06
rogpeppe1dimitern: if you have the root ca private key, you can generate any number of server certs and keys13:07
dimiternrogpeppe1, signing or encryption - it's all the same13:07
rogpeppe1dimitern: it's not even signing really13:08
dimiternrogpeppe1, how about generating a *specific* key - preseeding or something, so you can end up with a running env's key pair?13:08
rogpeppe1dimitern: i don't understand that13:09
dimiternrogpeppe1, i'll check it out13:12
dimiternrogpeppe1, so how about that sample code?13:13
rogpeppe1dimitern: almost there13:14
rogpeppe1dimitern: http://paste.ubuntu.com/6588771/13:16
rogpeppe1dimitern: (something approximately like that anyway)13:16
mattywfwereade, failed again - I wonder if something is wrong with the branch - I don't see any of those errors though when I run it locally13:17
dimiternrogpeppe1, thanks, looking13:17
=== BradCrittenden is now known as bac
dimiternrogpeppe1, is the api.Info.CACert always the same or that's the one we're generating?13:29
rogpeppe1dimitern: it's generated at prepare time currently13:30
dimiternrogpeppe1, so i'm thinking of adding utils.GetClientFromInfo(info *api.Info) *http.Client, which can be reused13:31
rogpeppe1dimitern: that doesn't seem quite right (and i don't think you'll be able to anyway)13:31
dimiternrogpeppe1, why?13:32
rogpeppe1dimitern: because you'd get an import cyclre13:32
rogpeppe1cycle13:32
dimiternrogpeppe1, well, then taking a CACert []byte13:33
mgzrogpeppe1: any reason I shouldn't just land the state api branch?13:33
rogpeppe1dimitern: that could work.13:33
mgzrogpeppe1: I want to make some more changes, but breakage on a dev version is okay, right?13:33
rogpeppe1dimitern: although i think it would probably live better in the api package13:33
rogpeppe1mgz: which branch is that?13:33
rogpeppe1dimitern: because it's actually all about making an http client that's good for connecting to the api13:34
mgzrogpeppe1: https://codereview.appspot.com/40350043/13:35
rogpeppe1dimitern: also, that wouldn't be that convenient to use because the api code actually needs the tls.Config, so would need to type-assert the Client.Transport13:35
rogpeppe1mgz: ah, the *status* api branch :-)13:36
mgzrogpeppe1: ah yes, whoops13:36
* rogpeppe1 woz confused for a moment13:36
dimiternrogpeppe1, I don't want to copy 20 lines every time I need to connect to the api server though13:38
rogpeppe1mgz: i have a feeling that rpc calls cannot return both an error and some data13:38
rogpeppe1dimitern: why would you need to do that?13:39
rogpeppe1dimitern: the only place you'd be connecting to the api server would be in the api packages, right?13:39
mgzrogpeppe1: really? the api doc didn't say that13:39
dimiternrogpeppe1, how about tests?13:39
dimiternrogpeppe1, it doesn't seem right to use a non-validating client there13:40
rogpeppe1dimitern: you might want to export api.State.HTTPClient, similar to how Call is exported13:40
mgzrogpeppe1: I'm also not clear on the meaning of returning api.Struct vs *api.Struct from rpc13:40
rogpeppe1mgz: rpc requires struct returns for all methods13:41
rogpeppe1mgz: the data is ignored if the error is non-nil... i'm pretty sure - let me check13:41
dimiternrogpeppe1, modify the Caller interface?13:41
dimiternrogpeppe1, that seems way too intrusive13:41
mgzrogpeppe1: as in, not struct pointers?13:41
rogpeppe1mgz: yup13:42
mgzI'm confused as to why the tests passed then...13:42
rogpeppe1dimitern: no, you wouldn't necessarily need to modify the Caller interface13:42
rogpeppe1mgz: perhaps there's nothing that tests partial-status-with-error13:42
mgzrogpeppe1: right, I'm pretty sure there's not for that. but I changed the api return code to *api.Status and if that's illegal I'd expect all the tests to fail13:43
rogpeppe1mgz: hmm, yes13:44
rogpeppe1mgz: ah!13:44
rogpeppe1mgz: perhaps it was just using the fallback code in those tests13:45
rogpeppe1mgz: did you try running all the tests in the tree?13:45
rogpeppe1mgz: i'm pretty sure there's one that tests for inappropriately-ignored rpc methods13:45
mgzrogpeppe1: I *thought* so, but will recheck13:45
rogpeppe1mgz: launchpad.net/juju-core/state/apiserver tests should have caught that13:48
rogpeppe1mgz: if it didn't then that test is bogus :-)13:48
rogpeppe1dimitern: yeah, i wouldn't modify the Caller interface - but you can add a method State.HTTPClient() *http.Client13:51
rogpeppe1dimitern: then api sub-packages that need to make direct http calls can use an interface that's something like: interface{common.Caller; HTTPClient() *http.Client}13:53
dimiternrogpeppe1, what's wrong with having a common function for that?13:53
dimiternrogpeppe1, in utils13:53
rogpeppe1dimitern: it seems like internal implementation detail of api to me13:53
dimiternrogpeppe1, it's quite useful13:53
rogpeppe1dimitern: we put stuff in utils that's generally useful13:53
rogpeppe1dimitern: where else might we want to use it?13:54
dimiternrogpeppe1, in plugins perhaps?13:54
rogpeppe1dimitern: surely plugins should be using the api package?13:54
dimiternrogpeppe1, i see no harm in add it there13:54
rogpeppe1dimitern: if we find ourselves wanting it somewhere else, i'd factor it out then (it will be trivial to do so)13:55
rogpeppe1dimitern: i prefer to avoid expanding utils indefinitely just because we think that something might be generally useful13:55
dimiternrogpeppe1, btw the code you gave me still causes the same error13:56
dimiternrogpeppe1, x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs13:56
rogpeppe1dimitern: could you paste the code you're using?13:56
dimiternrogpeppe1, http://paste.ubuntu.com/6588953/13:57
dimiternrogpeppe1, and the caCert i'm passing is the one from api.Info used to call Login13:58
rogpeppe1dimitern: could you push your branch please?13:59
rogpeppe1dimitern: aside: it's not right for that code to use a global variable13:59
dimiternrogpeppe1, there's a mutex around it14:00
rogpeppe1dimitern: it looks like you've cargo-culted from NonValidatingHTTPClient14:00
dimiternrogpeppe1, yes14:00
rogpeppe1dimitern: what happens if you pass a different CACert in?14:01
dimiternrogpeppe1, where should I get it from?14:01
rogpeppe1dimitern: where should you get what from?14:01
dimiternrogpeppe1, a different ca cert14:02
rogpeppe1dimitern: maybe you're talking to two environments at once?14:02
rogpeppe1dimitern: that's perfectly allowable14:02
dimiternrogpeppe1, i don't think so14:03
rogpeppe1dimitern: why not?14:03
rogpeppe1dimitern: i should certainly hope it's ok14:03
dimiternrogpeppe1, why should I be doing that? it's a standard code14:03
rogpeppe1dimitern: i'd consider it a serious bug otherwise14:03
rogpeppe1dimitern: what's a standard code?14:03
dimiternrogpeppe1, i mean i'm not doing anything fancy14:05
rogpeppe1dimitern: regardless of anything else, the output of a function should be, if at all possible, a deterministic function of its arguments14:05
dimiternrogpeppe1, pushed lp:~dimitern/juju-core/225-upload-charm-via-api - if you run the tests in state/api you'll see the error14:06
rogpeppe1dimitern: if I call GetHTTPClientFromCert(certA); then i call GetHTTPClientFromCert(certB) the second return will return the http client for certA. that's just wrong.14:06
dimiternrogpeppe1, ok, that's true, I'll remove the mutex + caching and just return a new client every time14:07
dimiternrogpeppe1, but that didn't help with the error - i tried already14:07
rogpeppe1dimitern: no, it wouldn't14:07
rogpeppe1dimitern: it was just an aside14:07
dimiternrogpeppe1, any clue about the error?14:19
rogpeppe1dimitern: i'm investigating currently14:20
dimiternrogpeppe1, ok14:20
rogpeppe1dimitern: this code works fine for me: http://paste.ubuntu.com/6589085/14:24
rogpeppe1dimitern: (i get a 401 response which indicates that all the tls handshaking and client cert stuff has worked ok)14:25
rogpeppe1dimitern: so i suspect you're not actually using the http client that you created14:26
dimiternrogpeppe1, I am using it14:26
dimiternrogpeppe1, but perhaps the caCert from the api.Info used for Login is not the same as in Environ.Config()14:26
rogpeppe1dimitern: you mean the bug i pointed out above might be triggering the problem?14:29
dimiternrogpeppe1, i'm not using the mutex anymore14:31
dimiternrogpeppe1, so the bug cannot occur14:31
dimiternrogpeppe1, i'm trying to get the environ config and the ca cert in AddLocalCharm to see if it helps14:31
rogpeppe1dimitern: so which test fails?14:31
dimiternrogpeppe1, TestAddLocalCharm, the only one14:33
rogpeppe1dimitern: it passes for me14:34
rogpeppe1dimitern: just to sanity check: what go version are you using?14:34
dimiternrogpeppe1, go version go1.1.2 linux/amd6414:36
rogpeppe1dimitern: ok, i'll try with that14:36
dimiternrogpeppe1, using the ca-cert from the environ config didn't help14:38
rogpeppe1dimitern: ha! i now see the problem - with go1.1.214:38
dimiternrogpeppe1, huh?14:38
dimiternrogpeppe1, those things always happen to me :)14:38
rogpeppe1dimitern: yeah, you seem to be blessed like that14:39
dimiternrogpeppe1, but 1.1.2 is the official version we're building against14:39
rogpeppe1dimitern: yeah14:39
dimiternrogpeppe1, so what's the underlying issue?14:39
rogpeppe1dimitern: i'll try to find that out14:39
dimiternrogpeppe1, so I think the only way around this is to use the non-validating client14:43
rogpeppe1dimitern: we should avoid that if at all possible14:43
rogpeppe1dimitern: but perhaps for now as a workaround with a huge "BUG HERE" comment14:43
dimiternrogpeppe1, i'm open to suggestions for a workaround the issue14:43
dimiternrogpeppe1, yeah, will do14:44
rogpeppe1dimitern: hmm, interestingly my little test example still works ok with go1.1.214:46
rogpeppe1dimitern: maybe it's something to do with the cert generation14:46
dimiternrogpeppe1, perhaps14:46
rogpeppe1dimitern: looks like that's the case14:50
rogpeppe1dimitern: my test program succeeds or fails depending on whether the server is compiled with go1.1.2 or go1.214:51
dimiternrogpeppe1, if you managed to find an issue# to include in the bug report?14:51
rogpeppe1dimitern: i need to find out what the issue is...14:51
dimiternrogpeppe1, ok, I'll just describe it in general14:52
rogpeppe1dimitern: give me a little more time14:52
rogpeppe1dimitern: i'm just about to find out what the difference between the generated certs is14:52
dimiternrogpeppe1, ok, no rush14:54
dimiternrogpeppe1, it seems we're generating certs without Subject_Alternative_Name field - https://groups.google.com/forum/#!topic/golang-nuts/hCCsphIUuBA14:57
rogpeppe1dimitern: that may be true, but it looks like that's still the case with go1.2, and it works there15:01
dimiternrogpeppe1, x509 in go 1.2 is different than that in 1.1.2 - some more things are supported15:04
dimiternrogpeppe1, specifically the SANs handling has changed, perhaps that's the cause15:04
rogpeppe1dimitern: possibly. but it seems a bit weird that the client version doesn't matter15:05
dimiternrogpeppe1, although the code handling the validation seems unchanged15:07
dimiternrogpeppe1, weird..15:07
dimiternrogpeppe1, does https://codereview.appspot.com/43330043 look ok to land?15:22
rogpeppe1dimitern: looks like the address->serverRoot name change hasn't been pushed yet15:24
dimiternrogpeppe1, oh, sorry, will repropose15:24
dimiternrogpeppe1, done15:33
natefinchfwereade, rogpeppe1: so here's the problem I've been having with mongodb... the default distribution doesn't support SSL, so creating a new mongo server is failing.  That's at least why it's failing locally on my machine.  The problem is, I don't know how it was working before, since I'm pretty sure I was running a generic build before, too.15:51
rogpeppe1natefinch: i can't see how you could have run any juju tests with default distribution - we've required that for ages15:52
natefinchrogpeppe1, I must have gotten the special version and forgotten about it, then when I rolled back to 2.2 yesterday, I messed it up.15:53
natefinchrogpeppe1, where do I get the SSL-ified version?15:53
rogpeppe1natefinch: i'm not sure i'm afraid16:01
rogpeppe1natefinch: you can probably apt-get it from somewhere16:01
rogpeppe1natefinch: when you find out, let me know, 'cos i'd like to upgrade to mongo 2.4...16:01
rogpeppe1dimitern: i posted a comment on your CL16:01
=== teknico_ is now known as teknico
dimiternrogpeppe1, let's not use rpc.NoSuchRequest, because it's nothing like it16:02
rogpeppe1dimitern: in which case, let's unify the two16:03
dimiternrogpeppe1, the transport is different as well16:03
rogpeppe1dimitern: so an api client doesn't have to use several different ways of determining errors16:03
natefinchrogpeppe1, sounds like it has to be built from source or purchased16:03
dimiternrogpeppe1, there are only 2 ways16:03
rogpeppe1dimitern: sure, but there should only be one16:04
dimiternrogpeppe1, and there are 2 transports underneath16:04
rogpeppe1dimitern: the transport is an implementation detail16:04
dimiternrogpeppe1, so you propose to make NoSuchRequest a NotImplementedError16:04
rogpeppe1dimitern: i propose to define CodeNotImplemented and make a non-implemented error just like all the other errors defined in params16:05
rogpeppe1dimitern: so that if you're using state/api/* you only have one way of classifying errors16:05
dimiternrogpeppe1, and how is that going to work for rpc.NoSuchRequest?16:06
rogpeppe1dimitern: one possibility is outlined in my comment16:06
rogpeppe1dimitern: another possibility is to change api.State.Call so that it transforms the rpc error as appropriate16:06
dimiternrogpeppe1, so we can return serverError(&Error{Message: "not impl. blah", Code: params.CodeNotImplemented}) instead of NotImplementedError, and make rpc.NoSuchRequest ErrorCoder-compatible, using params.CodeNotImplemented as code16:10
rogpeppe1dimitern: i *think* params should import rpc rather than the other way around16:11
rogpeppe1dimitern: because we might make rpc into an external package at some point16:11
rogpeppe1dimitern: and serverError is for server-side not client-side use16:12
rogpeppe1dimitern: this is a change that really should be part of another CL; hence i suggest the quick fix so you can land this, then fix all calls to rpc.IsNoSuchRequest to call params.IsNotImplemented instead16:14
dimiternrogpeppe1, problem is, it already landed, sorry16:15
dimiternrogpeppe1, but i'm preparing a follow-up16:15
rogpeppe1dimitern: ok, thanks16:15
* dimitern will be back soon16:17
TheMuehmm, ears are still closed and whistling, hope it will be better tomorrow. but at least my tests are working fine so far.16:19
dimiternrogpeppe1, how do you suggest doing "make the rpc package return error code CodeNoSuchRequest on method-not-defined16:59
dimiternerror"16:59
dimiternrogpeppe1, where should I catch and report this error?17:00
rogpeppe1dimitern: ok, there are few aspects to this:17:01
rogpeppe1dimitern: 1) in rpc/rpcreflect, define type NoSuchMethodError {Method, RootMethod string}17:02
dimiternrogpeppe1, ok17:02
rogpeppe1dimitern: 2) change rpcreflect.MethodCaller to return that error instead of using fmt.Errorf17:04
dimiternrogpeppe1, ok, but why do I need RootMethod if I never set it?17:05
rogpeppe1dimitern: 3) in rpc, define const CodeNotImplemented = "not implemented"17:06
rogpeppe1dimitern: because you'll need it to define the Error return17:06
rogpeppe1dimitern: s/return/method17:06
rogpeppe1dimitern: (more specifically, NoSuchMethodError.Error)17:06
dimiternrogpeppe1, I can do that with only NoSuchMethodError.Method, I don't need RootMethod17:07
=== gary_poster is now known as gary_poster|away
rogpeppe1dimitern: the message should not change, which means that it should include the root method name too17:07
rogpeppe14) in rpc, change bindRequest to check if MethodCaller returns a *NoSuchMethodError, and return RequestError{Message: err.Error(); Code: CodeNotImplemented} if so17:09
dimiternrogpeppe1, in func (t *Type) Method(name string), the only place NoSuchMethodError is returned, I don't have the rootmethod, so I can't set the RootMethod field17:09
dimiternrogpeppe1, ok, so in ObjType.Method as well - but same case - RootMethod is unknown17:10
rogpeppe1dimitern: ha, i'd forgotten about ErrNoSuchMethod!17:10
dimiternrogpeppe1, yeah, that's what you meant, right?17:11
rogpeppe1dimitern: no, i was talking about the error returned from Value.MethodCaller17:11
dimiternrogpeppe1, aha!17:12
dimiternrogpeppe1, but Type.Method should also change, right?17:12
rogpeppe1dimitern: i'm just thinking over that17:12
dimiternrogpeppe1, perhaps there, i can use Type.root.Name() to populate the root method17:13
rogpeppe1dimitern: there are two places that currently return ErrMethodNotFound17:14
dimiternrogpeppe1, yes both Method() methods on Type and ObjType17:14
rogpeppe1dimitern: i think we should leave type.go unchanged17:15
dimiternrogpeppe1, won't it be confusing to have both NoSuchMethodError and ErrNoSuchMethod?17:15
rogpeppe1dimitern: and implement a new type, say CallNotImplementedError17:15
dimiternrogpeppe1, sounds reasonable17:16
rogpeppe1dimitern: i hope that's sufficiently different to be not confusing17:16
dimiternrogpeppe1, ok17:18
rogpeppe15) in rpc, in Conn.handleResponse, change it to set call.Error.Code = CodeNotImplemented if the error message begins "no such request" or "unknown object type"17:20
rogpeppe1dimitern: (with a "deprecate this" comment, because it's only for compatibility)17:20
rogpeppe16) in rpc, change IsNoSuchRequest to check ErrorCode==CodeNotImplemented17:22
rogpeppe16b) rename IsNoSuchRequest to IsNotImplemented, or delete entirely.17:22
rogpeppe17) define params.CodeNotImplemented = rpc.CodeNotImplemented17:23
rogpeppe18) implement params.IsNotImplemented17:23
rogpeppe19) 8) change all callers of rpc.IsNoSuchRequest to use params.IsNotImplemented instead17:23
rogpeppe15a) ... only if the error code is not already set17:24
rogpeppe1dimitern: i think that's about it17:24
dimiternrogpeppe1, you know, the time it took to explain to me how to do it, you could've probably done it and put it up for review :)17:36
rogpeppe1dimitern: it would have taken that amount of time just to run lbox propose once :-(17:37
dimiternrogpeppe1, in 5) I presume you mean handleRequest, not response17:37
dimiternrogpeppe1, or perhaps writeErrorResponse17:38
rogpeppe1dimitern: no, i did mean handleResponse17:39
dimiternrogpeppe1, there's no such method17:39
dimiternrogpeppe1, ah, sorry17:39
rogpeppe1dimitern: in the "case hdr.Error != "":" branch of the switch17:39
dimiternrogpeppe1, i'm blind17:39
rogpeppe1dimitern: sorry, i should've said it's in client.go17:39
dimiternrogpeppe1, but there I don't have the error anymore, so I have to do strings.HasPrefix there17:40
rogpeppe1dimitern: yeah, same as IsNoSuchRequest does now17:40
dimiternrogpeppe1, well ok17:41
rogpeppe1dimitern: lack of foresight on my part i'm afraid - i should have implemented it as an error code when i first did error codes17:41
dimiternrogpeppe1, but hdr.Error is a string, so I have to convert it to an error just to check it's string rep17:41
rogpeppe1dimitern: huh?17:42
rogpeppe1dimitern: it *is* its string representation :-)17:42
dimiternrogpeppe1, but IsNoSuchRequest takes an error17:42
rogpeppe1dimitern: don't call IsNoSuchRequest17:42
rogpeppe1dimitern: see 6)17:43
rogpeppe1dimitern: i tried to formulate the CA cert problem in a standalone program and couldn't reproduce the issue. http://play.golang.org/p/WVM3GfphOu17:52
rogpeppe1dimitern: (which works fine under both go1.1.2 and go1.2, bother it!)17:52
dimiternrogpeppe1, so apparently something is wrong with how our code handles certs17:53
rogpeppe1dimitern: i'm not making any assumptions17:54
rogpeppe1dimitern: as far as i know, that *is* our code... and it works17:54
dimiternrogpeppe1, maybe there are some subtleties which are intervening18:00
dimiternrogpeppe1, anyway, I'm almost ready with the CL18:01
dimiternrogpeppe1, so no changes needed in bindRequest after all18:11
rogpeppe1dimitern: no?18:11
dimiternrogpeppe1, the ones in handleRequest did the job, otherwise with changes to bindRequest i get double wrapping18:11
dimiternerror string = "request error: request error: no such request - method SimpleMethods.No is not implemented (not implemented) (not implemented)"18:11
rogpeppe1dimitern: do you mean handleResponse there?18:12
dimiternrogpeppe1, oh, yeah right18:12
rogpeppe1dimitern: see 5a)18:12
rogpeppe1dimitern: i think you should make the change to handleRequest18:12
dimiternrogpeppe1, yeah, i'm doing ths18:12
dimiternrogpeppe1, which change?18:13
rogpeppe1dimitern: because the prefix checking is wrong, and should only be used for compatibility18:13
rogpeppe1dimitern: the change to set the error code in the returned error18:13
dimiternrogpeppe1, ok, before my head blows, let me propose it, so i can have your comments in one place please18:13
rogpeppe1dimitern: oops, sorry, i meant bindRequest...18:13
rogpeppe1dimitern: ok, np18:14
natefinchSo, does anyone know *if* we're installing mongo 2.4 in the field, and if so, where we get it from?  I have directions from TheMue from when I joined to download 2.2 from an amazon s3 address, but none of the likely 2.4 names are available from that bucket.  I am trying to build mongo myself, but their directions appear to be incomplete, because it doesn't build successfully.18:16
dimiternrogpeppe1, ok, so it's not really working fully18:18
dimiternrogpeppe1, but I'll propose it, so you can pull it and make suggestions how to do it as you think is should be done18:18
dimiternrogpeppe1, so only the rpc testBadCall tests fail, all others pass - take a look please and have your say https://codereview.appspot.com/3854004418:27
* dimitern reached eod18:27
rogpeppe1dimitern: looking18:34
rogpeppe1dimitern: this fixes those tests: lp:~rogpeppe/juju-core/dimitern-225-unify-not-implemented-errors/19:04
* rogpeppe1 has also reached eod19:14
rogpeppe1g'night all19:15
thumpernight rogpeppe119:15
thumperfwereade: you around at all?19:15
thumperfwereade: I'd like to chat design issues around juju run with you, I'm going to make coffee but back shortly19:17
=== gary_poster|away is now known as gary_poster
dimiternthumper, he's afk atm19:49
thumperhi dimitern19:54
thumperdimitern: I kinda guessed that :)19:54
thumperi'm trying the ping with context :)19:54
natefinchthumper, do you know where/if we keep binaries for mongo 2.4?19:54
dimiternthumper, :) just an on-site observation19:54
thumperum...19:54
thumpernatefinch: look in the cloudinit code19:55
thumperit has code to add the source for mongodb19:55
natefinchthumper, it looks like it's just in the juju/stable ppa, which means it's just 2.2.420:10
thumpernatefinch: ah, that may be our patched version of things20:11
thumpernatefinch: is there mongodb-server in the cloud archive?20:12
natefinchthumper: not sure how to check that20:20
natefinchthumper: I guess other than deploy a server and go look20:21
natefinchthumper: that says 2.4.6.  Just not sure where it's from20:24
natefinchI actually started building 2.4.8....  holy crap C++ builds slowly20:36
marcoceppinatefinch: is this accurate? https://juju.ubuntu.com/docs/authors-charm-interfaces.html#documenting-interfaces20:53
marcoceppiThe gets/sets stuff20:53
marcoceppinate, or anyone else20:54
natefinchmarcoceppi, doesn't sound familiar21:00
marcoceppiI didn't think so. I'm going to remove it21:00
natefinchnothing like a 15 minute build that fails at the end.21:02
thumpergary_poster: you around?21:18
gary_posterthumper, yeah, hey21:19
thumpergary_poster: can fwereade and I ask you a few questions around the UI and API in a hangout?21:19
thumpergary_poster: https://plus.google.com/hangouts/_/7acpijrir4uqnfkk2qgfdtrgpk?hl=en21:19
gary_posterthumper, of course. coming21:19
=== gary_poster is now known as gary_poster|away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!