thumper | axw: hey there | 00:48 |
---|---|---|
thumper | axw: sinzui_ is having issues with your hp fix branch, seems to have a bad import | 00:49 |
axw | thumper: reading the email now | 00:52 |
axw | eh wtf | 00:53 |
axw | aw crap, I think I enabled goimports and it mucked about with the imports | 00:54 |
thumper | heh | 00:55 |
thumper | axw: so, after talking with fwereade this morning, I'm going to implement a system ssh key right now | 00:55 |
axw | thumper: excellent | 00:55 |
* axw feels vindicated | 00:56 | |
axw | ;) | 00:56 |
thumper | davecheney: I don't suppose your ssh go stuff has keygen? | 00:56 |
axw | thumper: AFAIK they | 00:59 |
axw | are just PEM keys | 00:59 |
thumper | axw: I'm not entirely sure what that means | 01:00 |
axw | thumper: same format used by the private keys we generate already | 01:01 |
axw | for mongo | 01:01 |
thumper | oh? | 01:01 |
thumper | hmm... | 01:01 |
axw | thumper: in fact, we could perhaps just use the same one | 01:02 |
thumper | axw: maybe... | 01:02 |
axw | not sure what the requirements are for SSH | 01:02 |
thumper | yeah, well luckily I have another machine here I can ssh to to test | 01:02 |
davecheney | thumper: it wouldn't be hard to write | 01:03 |
thumper | davecheney: yeah, axw said as much | 01:04 |
thumper | I think what I'd like is a function in utils/ssh called "GenerateKey" (surprise) | 01:04 |
thumper | that generates to byte arrays, | 01:04 |
thumper | one private key and one public key | 01:05 |
thumper | equivalents of "id_rsa" and "id_rsa.pub" | 01:05 |
thumper | given the core go team's affinity for crypto | 01:05 |
thumper | chances are all I need is glue | 01:05 |
davecheney | yup | 01:06 |
davecheney | lemmie look in the ssh package tests | 01:06 |
davecheney | we probably have some code | 01:06 |
thumper | davecheney: awesome sauce | 01:07 |
* thumper channels fwereade | 01:07 | |
thumper | davecheney: found any? I've found some docs as to the file format, so could hack something up | 01:31 |
thumper | davecheney: but you sould probably be saving me time | 01:31 |
davecheney | thumper: yup | 01:36 |
davecheney | looking after lunch | 01:36 |
thumper | ok | 01:43 |
thumper | ta | 01:43 |
axw | thumper: I'm just looking to see if we can reuse the existing private key we have | 01:47 |
axw | there's code in go.crypto/ssh to generate an authorized_keys line from an RSA public key | 01:47 |
axw | thumper: https://gist.github.com/axw/8016123 | 01:55 |
thumper | axw: what about the identity file that you can hand off to ssh? | 01:56 |
axw | thumper: I just fed in the key we give to mongo, added the output of that program to ~/.ssh/authorized_keys, and used ssh -i local-private-key.pem | 01:57 |
axw | thumper: it's just the key file | 01:57 |
thumper | axw: and that works? | 01:57 |
axw | yup | 01:57 |
thumper | awesome! | 01:57 |
thumper | axw: let me poke around in the code and see if I can get this working nicely... | 01:58 |
thumper | axw: I think perhaps we should default to use the system key for 'juju ssh' | 01:59 |
thumper | axw: that would make the windows code work nicer | 01:59 |
thumper | axw: you are doing the ssh util work for windows yes? | 01:59 |
axw | thumper: I'm not so sure we should be passing that key around in the .jenv though, should we? | 02:01 |
axw | that would make it difficult to revoke access | 02:01 |
thumper | axw: oh, interesting point | 02:01 |
axw | thumper: I will be working on making it work for windows, yes | 02:01 |
thumper | hmm... | 02:02 |
thumper | axw: so, what are your thoughts on that? | 02:02 |
thumper | we want a system identity | 02:03 |
thumper | and if we can use the same that we have for mongo, then that should be fine | 02:03 |
thumper | but we still need something to watch bootstrap with | 02:03 |
thumper | perhaps that is a different id? | 02:03 |
axw | thumper: sure, I just don't think we should carry it around outside the system; ideally we should dispose of it after bootstrap | 02:03 |
axw | from the client I mean | 02:04 |
thumper | we want something that will work out of the box with windows users | 02:04 |
thumper | axw: but I think we should create a default user key... | 02:04 |
thumper | or... | 02:04 |
thumper | perhaps we just create the default user key if there is no local one found | 02:05 |
thumper | and that is a separate issue | 02:05 |
thumper | from the bootstrap issue | 02:05 |
axw | thumper: yeah I see your point. I guess we do want another one | 02:05 |
axw | we want the system one to be different to the default one used by the CLI | 02:05 |
thumper | ok, my branch will work to make this system identiy | 02:05 |
thumper | work | 02:05 |
axw | because of revocation | 02:05 |
axw | sounds good | 02:06 |
thumper | axw: yes agree to that last statement | 02:06 |
axw | thumper: I think bootstrap can just create another key if it doesn't have one | 02:07 |
axw | for the CLI | 02:07 |
* thumper nods | 02:07 | |
thumper | axw: that is a separate bit of work though | 02:07 |
axw | thumper: yes, I can do that later | 02:07 |
thumper | lets go with the system identity, and using that for the bootstrap | 02:07 |
thumper | ... | 02:07 |
axw | thumper: what about CLI users other than the bootstrapper? | 02:15 |
thumper | not sure yet | 02:16 |
thumper | I'm actually trying to find the code where it loads the authorized keys | 02:16 |
thumper | the code I'm reading seems to indicate that it doesn't bother | 02:16 |
thumper | unless I set them explicitly | 02:16 |
thumper | but I know this is wrong... | 02:16 |
thumper | ugh | 02:18 |
thumper | an OR | 02:18 |
axw | thumper: maybe just updated environs.BootstrapContext to add the key to whatever's computed? | 02:19 |
thumper | axw: is the ca-private-key the thing we use to talk to mongo? | 02:30 |
thumper | axw: if so, that is in the .jenv file in the bootstrap config | 02:30 |
thumper | so perhaps we do want a different identity? | 02:30 |
thumper | something that gets generated and written to cloud init, but not on the client side | 02:30 |
axw | thumper: it is in there, but I think fwereade wants it out | 02:30 |
axw | thumper: and yes that's what we use for mongo | 02:31 |
thumper | ah, fair call | 02:31 |
* thumper goes to make coffee | 02:31 | |
thumper | this takes more thinking than I thought :) | 02:31 |
thumper | the identity stuff that is | 02:31 |
thumper | not the making coffee | 02:31 |
axw | hehe | 02:31 |
axw | not enough coffee makes making coffee more difficult | 02:32 |
* axw -> lunch | 03:39 | |
hazmat | wrt to put charm api, it appears to be unconditionally setting the scheme to local, deploy cli landing should resolve | 03:48 |
thumper | axw: are you good with me updating our go.crypto to tip? | 04:28 |
thumper | also, how do I find the full hash of an hg tip revision? | 04:29 |
thumper | axw: in the end, I have gone with a ssh.GenerateKey function | 04:51 |
thumper | axw: I'm going to poke things tomorrow and test | 04:51 |
thumper | but for today, I'm done | 04:51 |
thumper | night all | 04:51 |
=== axw_ is now known as axw | ||
axw | jam: I *think* the streams.canonical.com URL it's going to is correct, but what's there at the moment is in the wrong place | 07:33 |
jam | axw: that's sort of what I expect as well, and we don't really want to be using it anyway | 07:34 |
axw | that's the impression I got from wallyworld | 07:34 |
jam | the bigger question is what else did we try (and fail) and why | 07:34 |
axw | yep | 07:34 |
jam | and they don't want to use --debug because of security purposes, but that's where we dump all the URLs we try | 07:34 |
axw | It'd be good to see that in "verbose output" (that never got landed did it?) | 07:35 |
axw | thumper's stuff | 07:35 |
jam | verbose was never intended to dump step-by-step stuff,(I think) I think it was meant to stay in --debug, we just dump other useful but-maybe-dangerous stuff there. | 07:36 |
axw | when I'm bootstrapping without --debug, it can sit there doing image/tools stuff for a fair while without any feedback | 07:36 |
jam | --verbose is more about user info about what we're doing | 07:36 |
axw | yeah I suppose that is a bit too much info for general consumption | 07:37 |
jam | I think we also have a bug that we don't write the debug information for the one that actually worked :) | 07:38 |
axw | heh | 07:39 |
rogpeppe1 | mornin' all | 07:40 |
axw | hey rogpeppe1 | 07:40 |
rogpeppe1 | axw: sorry i didn't manage to do your review yesterday - am looking at it now | 07:41 |
axw | rogpeppe1: nps, thanks. actually it gave me time to make it a bit nicer :) | 07:41 |
rogpeppe1 | axw: my first thought when i looked at it was that it could probably be factored out into a separate little type | 07:41 |
dimitern | rogpeppe1, jam, https://codereview.appspot.com/38540044/ if you can please | 08:06 |
rogpeppe1 | dimitern: will do | 08:12 |
dimitern | ta! | 08:12 |
axw | rogpeppe1: do we need go.crypto pinned at the rev it's at? | 08:17 |
axw | rogpeppe1: thumper's doing some SSH key stuff and was wondering if we can move to the tip | 08:17 |
rogpeppe1 | axw: not as far as i'm aware | 08:18 |
rogpeppe1 | axw: it would be good to try tip | 08:18 |
axw | ok | 08:18 |
rogpeppe1 | axw: but it may not be possible | 08:18 |
rogpeppe1 | axw: it might have some go1.2 deps | 08:18 |
axw | yeah ok, will have to check that | 08:18 |
axw | thanks | 08:18 |
jam | axw: so... do you know why we need a juju-run process to be running if we are just ssh'ing into each machine anyway? | 08:18 |
axw | jam: I was under the impression it was not long running | 08:19 |
* axw re-reads thumper's email | 08:19 | |
jam | axw: tim's statement was that it couldn't be the existing code because the existing stuff wasn't long lived | 08:19 |
jam | at least, I thought I remembered seeing that | 08:19 |
axw | jam: are you referrng to this statement? `"juju run" is really syntactic sugar around "juju ssh" and the server | 08:20 |
axw | component "juju-run" that does the execution inside a hook context.` | 08:20 |
jam | axw: so I know Tim has a Runner object that sits on a port and lets hooks fire queries into it (the way the current one does, but apparently somehow different) | 08:21 |
jam | it might be that we "juju ssh" into each machine, fire up that juju-run process, and then have it (or something else) spawn of clients that run the script you wrote. | 08:22 |
jam | I'm not sure how it actually all ties together. | 08:22 |
jam | it sounded ilke you ssh in to poke the juju-run process | 08:22 |
jam | but it might be that you are doing "juju ssh juju-run myscript.bash" | 08:22 |
jam | well | 08:22 |
jam | for i in ???; do juju ssh $i juju ssh /usr/bin/juju-run myscript.bash; done | 08:23 |
rogpeppe1 | jam: are there some design docs for juju-run somewhere? | 08:23 |
axw | jam: sorry, I haven't actually looked at the code yet - not entirely sure. that's not how I thought it worked. what I thought was that you ssh'd in, then ran "juju-run <hook> <command>", and <command> was executed within the hook context | 08:23 |
* axw looks at code | 08:24 | |
axw | jam: so, I have only taken a very brief look, but it looks to me that the runner/socket is just for that process | 08:25 |
axw | it's just reusing the existing jujuc code | 08:25 |
axw | hrm, or maybe not | 08:26 |
jam | axw: related code, but definitely a different object | 08:29 |
jam | can anyone look at: https://codereview.appspot.com/40670043/ its been sitting for a week now | 08:30 |
axw | jam: I see; in that case, I'm not sure why SSH is required here. | 08:31 |
axw | there's still the machine case, but that's a bit different anyway | 08:31 |
axw | jam: I'll take a look | 08:31 |
axw | jam: re the juju-run stuff: how else would you do it? you'd need to put something in state, right? and then record the results there? | 08:34 |
dimitern | rogpeppe1, is it good to land? | 08:42 |
rogpeppe1 | dimitern: sorry, still reviewing axw's | 08:42 |
dimitern | rogpeppe1, ok | 08:43 |
jam | axw: so it depends what you want as a result. If you're meant to just trigger a script to run, yes. If you're meant to end up in an interactive session on the remote machine, then you'd have to ssh | 08:53 |
jam | axw: an open question, is this intended to run sequentially on all machines, or would all machines fire up at the same time | 08:54 |
jam | if parallel, then interactive session (or even printing to the screen) is pretty useless | 08:54 |
jam | if sequential, then this really scales poorly when you have 100s of machines | 08:54 |
axw | jam: my understanding is it's meant to be parallel and non-interactive, but I'm not 100% sure | 08:55 |
axw | fwereade: hah, good point about the nonces | 08:55 |
axw | fwereade: yes, pretty certain it was always "manual:..." | 08:56 |
axw | I will double check before basing anything on that tho | 08:56 |
fwereade | axw, cool, thanks | 08:56 |
fwereade | axw, I'm just on destroy-environment at last, sorry delay | 08:56 |
axw | fwereade: cool | 08:57 |
jam | axw: if non-interactive, then it seems like you *don't* want to ssh into each one. (you don't really want to fire off 100 ssh connections all at once, either) | 08:58 |
jam | btw, hi fwereade | 09:00 |
fwereade | jam, heyhey | 09:00 |
rogpeppe1 | axw: you have a review | 09:01 |
axw | rogpeppe1: thanks | 09:01 |
fwereade | jam, axw: `juju run` is non-interactive, there's juju ssh for direct interactivity | 09:02 |
axw | right | 09:02 |
fwereade | jam, axw: the actual degree of parallelism required has not been specified, but a number of ideas have been floated around the concept | 09:03 |
jam | fwereade: so some review questions... Do we want to have 'remove-machine' in a 1.16 branch? It has been approved, but it is more of a do-we-want-this-policy | 09:03 |
fwereade | jam, axw: round-robin has been mentioned; parallel has been mentioned; parallel with horrid hacked-on interactivity has ever come up | 09:04 |
fwereade | jam, what do we gain from a new 1.16 with that in? | 09:05 |
jam | fwereade: or it could be driven from the db without ssh at all? | 09:05 |
jam | fwereade: compatibility, especially with docs | 09:05 |
jam | though you still have "you must have newer than X" | 09:05 |
jam | but it would make "remove-machine" available in a stable release | 09:06 |
axw | jam: the only thing I see being an issue with going through the db is that there's no ephemeral node support to handle the edge cases around client termination | 09:07 |
axw | jam: it's not interactive, but there's still a session to maintain | 09:07 |
axw | rogpeppe1: "This should probably allow itself to be stopped when closed.j" -- do you mean use an additional select with a time.After? | 09:09 |
rogpeppe1 | axw: yeah | 09:09 |
axw | thanks | 09:09 |
jam | axw: I don't quite see how it is different from how we fire hooks normally, it is just a custom script instead of a charm hook | 09:10 |
rogpeppe1 | dimitern: reviewed | 09:10 |
dimitern | rogpeppe1, thank | 09:10 |
dimitern | s | 09:10 |
axw | jam: the main difference is that the result needs to live somewhere. who owns that? | 09:10 |
fwereade | jam, sorry, I missed the context on remove-machine | 09:12 |
fwereade | jam, did you have any thoughts re the more human vocabulary I handwaved around in that thread yesterday? | 09:13 |
jam | axw: seems easy enough to put it into the DB as a result of running the request | 09:13 |
fwereade | jam, axw: questions of how much we store and for how long become interesting | 09:14 |
jam | fwereade: so, there was a discussion that we should use "remove-*" for stuff instead of "destroy-*" and it is easy to add those aliases into a 1.16 release. I have a fairly trivial patch up, just waiting on whether we *want* to do it. Its approved, but I wanted to run it by you. | 09:14 |
fwereade | jam, so, indeed, I think I am now up to speed on it | 09:14 |
jam | fwereade: as for your natural language stuff, I think you had interesting points, but part of that is what we can evolve into, and we can have a consistent lower level terminology | 09:14 |
jam | fwereade: for juju-run, if you aggregate the results somewhere (like the DB) then you do need a way to see it (is the suggestion that normally it just prints to your console via ssh?) that still seems like a whole lot of spam unless you very carefully craft the script to give enough context so you can figure out which machine actually "failed" | 09:15 |
jam | so either, there isn't much result, so it doesn't matter, or there is some result, but you'd really rather have that logged and aggregated | 09:16 |
jam | you *can* do "juju run foo.sh >aggregate.this.txt" | 09:16 |
rogpeppe1 | jam, fwereade: is there a design doc for juju-run? i'd like to contribute to the discussion, but i don't actually know what the goals are. | 09:42 |
axw | rogpeppe1: updated | 10:23 |
rogpeppe1 | axw: re: "shouldn't this use the mutex?" | 10:26 |
rogpeppe1 | axw: it looks to me as if inst.InstanceId is inside the embedded ec2.Instance | 10:26 |
rogpeppe1 | axw: and hence should be protected by the same mutex | 10:26 |
axw | rogpeppe1: gah, so it is | 10:26 |
axw | rogpeppe1: sorry, will fix it now | 10:27 |
rogpeppe1 | axw: thanks | 10:27 |
jam | rogpeppe1: I don't know of one, but tim is the one driving it | 10:29 |
axw | rogpeppe1: updated again, sorry about that | 10:38 |
rogpeppe1 | axw: np | 10:38 |
axw | bbl | 10:41 |
jam | rogpeppe1: axw, mgz_: standup | 10:45 |
jam | https://plus.google.com/hangouts/_/calendar/am9obi5tZWluZWxAY2Fub25pY2FsLmNvbQ.mf0d8r5pfb44m16v9b2n5i29ig | 10:45 |
jam | fwereade: poke about where to put worker/provisioner/authentication.go | 12:38 |
fwereade | jam, how do you feel about environs? | 12:41 |
jam | fwereade: so "NewAPIAuthenticator" doesn't feel like it should be in environs | 12:42 |
jam | and NewEnvironAuthenticator feels ok there | 12:42 |
jam | the issue is that they both want to share the actual underlying implementation | 12:43 |
fwereade | jam, well, it's about giving access to a <handwave> environ | 12:43 |
jam | which just has a way to get a StateInfo and then populate it with its final machine password stuff | 12:43 |
fwereade | jam, I'm at least halfway inclined to just give it its own package somewhere | 12:43 |
fwereade | jam, the only thing I'm sure of is that it's not exclusive to worker/provisioner, but it is something to do with setting up instances | 12:44 |
jam | fwereade: arguably the simpleAuth code should be exposed in state/ and the others lay on top of that? | 12:44 |
fwereade | jam, state doesn't seem very correct, in every case but bootstrap I think it's api-ey really | 12:44 |
jam | well, the api server uses it internally | 12:47 |
jam | which is why NewEnviron* is still necessary | 12:47 |
fwereade | natefinch, https://codereview.appspot.com/36290043/patch/190001/200015 is going to collide with you, isn't it? | 12:57 |
natefinch | fwereade, ish. Shouldn't be a big deal. | 13:05 |
=== gary_poster|away is now known as gary_poster | ||
mattyw | fwereade, jam I still can't reproduce the problem in https://code.launchpad.net/~mattyw/juju-core/add-owner-to-service/+merge/191192. I sometimes see Error: Test left sockets in a dirty state but no other errors (although that happens on trunk as well - has done for a while) | 13:18 |
mattyw | ^^ any idea what might be going wrong? | 13:19 |
jam | mattyw: we've had some issues with flaky tests, I just wanted to know if this was caused by your change. As it doesn't seem related, I'll just submit again. | 13:19 |
jam | fwereade: when are we running mongo without ssl? | 13:20 |
mattyw | jam, ok thanks - I'll keep an eye on it | 13:20 |
natefinch | man, this USB ethernet adapter crashing my laptop is not cool (especially given there is no ethernet plug on the laptop)..... | 14:01 |
natefinch | anyway, I have to go snowblow my driveway, which will probably take me a couple hours all told. | 14:02 |
natefinch | jam, rogpeppe1: I verified that the test failure I'm having definitely is only happening with mongo 2.2, and not 2.4. Not sure exactly why yet, but now that I can A/B test easily, I should be able to figure it out. | 14:03 |
=== natefinch is now known as n8f-snowblow | ||
fwereade | jam, sorry I missed you -- it's for the store... but I am suddenly suspicious of the Right Thing to do there | 14:06 |
fwereade | jam, I think it's probably better to factor out the existing store test harness and use that | 14:06 |
fwereade | jam, than to introduce a fresh entanglement between the two | 14:07 |
rogpeppe1 | wow, my internet is super flaky today | 14:20 |
rogpeppe1 | can anyone see this? | 14:20 |
mattyw | rogpeppe1, I can | 14:28 |
rogpeppe1 | mattyw: ok, that's something at least :-) | 14:29 |
mattyw | rogpeppe1, also - I'm getting a "x509: certificate is valid for *" error when trying to connect to the core api on 17070 (it seems to happend in my call to websocket.Dial) | 14:29 |
mattyw | is there a particular version of websocket I should be using do you think? | 14:30 |
rogpeppe1 | mattyw: could you paste the code that you're using to dial? | 14:30 |
rogpeppe1 | mattyw: in general, you should be using the state/api package to connect to the API | 14:30 |
rogpeppe1 | mattyw: (assuming you're using Go) | 14:30 |
mattyw | rogpeppe1, I am, I was just kinda messing around with connecting to the websocket in go | 14:31 |
rogpeppe1 | mattyw: you can connect if you use InsecureSkipVerify | 14:32 |
mattyw | rogpeppe1, ws, err := websocket.Dial("wss:/adr:17070", "", "http://localhost") | 14:32 |
mattyw | ah, I'm not doing any tls at all | 14:33 |
rogpeppe1 | mattyw: otherwise your client won't know about the root CA cert that's used for the server | 14:33 |
rogpeppe1 | mattyw: you *are* doing tls | 14:33 |
rogpeppe1 | mattyw: that's the "wss:" thing | 14:33 |
mattyw | rogpeppe1, but I'm not setting up any tls config | 14:33 |
rogpeppe1 | mattyw: ah yes. | 14:34 |
mattyw | (which is what I meant in my head at least :)) | 14:34 |
rogpeppe1 | mattyw: look at how it's done in state/api/apiclient.go:/Open | 14:34 |
mattyw | rogpeppe1, will do, thanks again | 14:34 |
axw | rogpeppe1: https://codereview.appspot.com/43650045 exercises the Addresses/Refresh code in provider/ec2 | 14:35 |
rogpeppe1 | axw: looking | 14:35 |
axw | rogpeppe1: I updated provider/ec2 again, there was a bug | 14:35 |
mattyw | rogpeppe1, thanks for the acme-friendly shortcut ;) | 14:35 |
rogpeppe1 | mattyw: are you using acme now? | 14:36 |
rogpeppe1 | axw: what was the bug? | 14:38 |
axw | rogpeppe1: Addresses was holding the lock around refresh(), which called inst.Id() and took the lock | 14:40 |
axw | well, tried to | 14:40 |
axw | so, deadlock | 14:41 |
rogpeppe1 | axw: ah, good thing i suggested the test then :-) | 14:41 |
axw | very | 14:41 |
rogpeppe1 | axw: i still think we should use AddScripts rather than AddFile - someone might change AddFile to use the cloudinit write_files feature, which would then potentially break the nonce.txt logic | 14:43 |
axw | rogpeppe1: fair point | 14:43 |
axw | ok, I'll change it | 14:43 |
rogpeppe1 | axw: thanks | 14:43 |
* rogpeppe1 goes for lunch | 14:43 | |
jamespage | hazmat, re mongodb build without scripting - which scons option are you referring to? I can toggle between v8 and spidermonkey in our current source package (2.4.8) but I can't figure out how to disable it completely | 14:55 |
axw | rogpeppe1: can you please approve the ec2test MP when you're back? I'm not in the group | 14:55 |
hazmat | jamespage, usev8 | 14:56 |
axw | rogpeppe1: and/or merge it if there's no bot | 14:56 |
hazmat | jamespage, https://github.com/mongodb/mongo/blob/master/SConstruct#L452 | 14:56 |
hazmat | jamespage, it comes up a few times.. agreed its not clear if its toggle for spidermonkey or disable | 14:57 |
jamespage | hazmat, it certainly was | 14:57 |
jamespage | but upstream don't ship spidermonkey any longer | 14:57 |
jamespage | "--usesm" | 14:57 |
hazmat | jamespage, so reaching out to upstream sounds like the thing to do.. i don't see the usesm option in trunk scons. | 14:59 |
hazmat | either that or trying a build without the v8 option | 14:59 |
jamespage | hazmat, no its gone | 14:59 |
jamespage | hazmat, if you don't specify it default to v8 | 14:59 |
jamespage | I'll poke at it a bit | 14:59 |
* hazmat fires up a build on a spare server | 14:59 | |
dimitern | jam, rogpeppe1, https://codereview.appspot.com/43860043 AddCharm via the API | 15:30 |
axw | fwereade: the nonce for manual bootstrap nodes does not start with "manual:". do you think it's still okay to use it, documenting that? | 15:35 |
rogpeppe1 | niemeyer: does this look reasonable to you? https://codereview.appspot.com/43650045/ | 15:36 |
axw | fwereade: that case *could* be detected by checking that id == "0" && extracting the provider type from EnvironConfig, but that's pretty heavy handed | 15:37 |
fwereade | axw, hmm, possibly, I don't suppose that one has any useful distinguishing features? | 15:37 |
axw | fwereade: not that I've thought of so far | 15:37 |
niemeyer | rogpeppe1: What happens in practice? | 15:37 |
niemeyer | rogpeppe1: I mean, what is the real EC2 doing about this? | 15:37 |
rogpeppe1 | niemeyer: the DNS name appears some time after the instance has been started | 15:37 |
axw | fwereade: its instance-id is "manual:", but we've established that's not good enough to rely on | 15:38 |
rogpeppe1 | niemeyer: so any realistic client will need to poll it | 15:38 |
niemeyer | rogpeppe1: Sounds good then | 15:38 |
rogpeppe1 | niemeyer: cool, thanks | 15:38 |
niemeyer | rogpeppe1: np, thanks for asking | 15:38 |
rogpeppe1 | axw: will submit now | 15:39 |
fwereade | axw, you know, I'm not so bothered by the weight as I am by the correctness | 15:39 |
fwereade | axw, it's not a cost we'll be paying often enough to worry about, I think | 15:39 |
axw | rogpeppe1: thanks | 15:39 |
axw | fwereade: true | 15:40 |
axw | fwereade: in fact, I won't even be passing it in in my case, because I don't check manager machines | 15:40 |
=== mgz_ is now known as mgz | ||
fwereade | axw, thought that might be the case | 15:40 |
axw | fwereade: so, now might be a good time to change the provider name from "null" to "manual" | 15:41 |
fwereade | axw, please still test that behaviour in case we do ever end up with demoted machine 0s ;) | 15:41 |
axw | certainly | 15:41 |
fwereade | axw, most certainly, but I suspect that may take some finessing around upgrades | 15:41 |
fwereade | axw, *maybe* you could get away with registering the same provider twice under different names..? | 15:42 |
axw | hmm maybe, will have to see. I can make this code check for either "null" or "manual" for now | 15:43 |
rogpeppe1 | axw: FYI i just got this error when bootstrapping: | 15:47 |
rogpeppe1 | Connection to ec2-54-196-224-38.compute-1.amazonaws.com closed. | 15:47 |
rogpeppe1 | error: cannot open state: cannot create log collection: unauthorized mongo access: unauthorized | 15:47 |
rogpeppe1 | axw: i haven't looked into it but i suspect something is trying to talk to mongo before it's ready | 15:47 |
axw | rogpeppe1: hmm, there's no changes regarding mongo communications in synchronous bootstrap | 15:49 |
axw | rogpeppe1: are you on trunk? | 15:50 |
rogpeppe1 | axw: yeah | 15:50 |
axw | rogpeppe1: with my just-merged branch? | 15:51 |
axw | I'll test it again | 15:51 |
rogpeppe1 | axw: hmm, not sure | 15:51 |
axw | rogpeppe1: shouldn't actually matter, just curious | 15:51 |
rogpeppe1 | axw: it's the kind of thing that wouldn't happen very often, if it's what i suspect | 15:51 |
rogpeppe1 | axw: i'll see if it happens again | 15:52 |
rogpeppe1 | axw: your goamz branch is now merged | 15:53 |
axw | rogpeppe1: great, thanks | 15:53 |
axw | rogpeppe1: ah, I should've updated dependencies.tsv... will do that now | 15:54 |
rogpeppe1 | axw: good point | 15:54 |
rogpeppe1 | axw: revno 44 | 15:54 |
axw | thanks | 15:54 |
=== n8f-snowblow is now known as natefinch | ||
rogpeppe1 | axw: ah, it's not bootstrap's fault at all | 15:56 |
rogpeppe1 | axw: i just wasn't printing enough log messages | 15:56 |
axw | rogpeppe1: thanks for checking | 15:57 |
* rogpeppe1 reboots | 15:59 | |
axw | night all | 16:10 |
dimitern | natefinch, ping | 16:14 |
dimitern | natefinch, can you take a look at this please? since roger is not around. https://codereview.appspot.com/43860043 | 16:14 |
natefinch | dimitern, sure | 16:22 |
=== BradCrittenden is now known as bac | ||
mattyw | fwereade, I guess we should have a chat about the next stage of the juju id stuff | 16:47 |
natefinch | dimitern, can we put Info in the charm.Repository interface? I'd much prefer that than doing some casting to anonymous interfaces to access that method. | 17:14 |
dimitern | natefinch, actually, I wasn't sure about using Info() or maybe just lazy not to calculate the sha256 from the already downloaded file | 17:19 |
dimitern | natefinch, i'll change that to use only Get and read and calculate the hash from the downloaded charm | 17:20 |
natefinch | that also works | 17:21 |
=== alexlist` is now known as alexlist | ||
rogpeppe | dimitern: you've got a review | 18:36 |
rogpeppe | natefinch, dimitern: i made an alternative suggestion | 18:36 |
rogpeppe | natefinch, dimitern: which hopefully works out a bit simpler than calculating the hash yourself | 18:36 |
* rogpeppe is done for the day | 19:01 | |
rogpeppe | darn juju-restore is destroying its own re-bootstrapped machine | 19:04 |
rogpeppe | g'night all | 19:04 |
natefinch | thumper, morning | 19:29 |
thumper | o/ natefinch | 19:29 |
* thumper trawls through the overnight emails | 19:29 | |
natefinch | thumper, how's your knowledge of mongo? | 20:26 |
thumper | natefinch: virtually non-existent | 20:27 |
natefinch | thumper, heh. My HA tests are failing on 2.2 but passing on 2.4.... and I can't figure out why. | 20:27 |
thumper | hmm... trying to bootstrap ec2 failed with an error around simple streams | 20:40 |
thumper | WARNING no tools available, attempting to retrieve from https://streams.canonical.com/juju | 20:40 |
thumper | ERROR bootstrap failed: cannot find bootstrap tools: XML syntax error on line 9: element <hr> closed by </body> | 20:40 |
natefinch | thumper sounds like you might be getting a 404 not found page instead of the XML you're supposed to get, and it's trying to parse the page's HTML | 20:56 |
thumper | natefinch: that's what I thought too | 20:56 |
thumper | but since I actually needed to upload tools | 20:56 |
thumper | it was a convenient error | 20:56 |
natefinch | heh | 20:57 |
natefinch | thumper, it does worry me that we're not checking the http error code before trying to parse what's returned, though | 20:57 |
thumper | heh | 20:58 |
thumper | yeah | 20:58 |
thumper | should file a bug | 20:59 |
thumper | I'm now confused... | 20:59 |
thumper | with my work | 20:59 |
thumper | WTF! | 21:01 |
thumper | natefinch: hangout? | 21:01 |
thumper | it might help if I talk this through | 21:01 |
natefinch | sure... one sec | 21:03 |
thumper | natefinch: I worked it out :) | 21:05 |
natefinch | thumper, ha, ok, cool | 21:05 |
thumper | dumb permissions... | 21:05 |
natefinch | thumper, heh, something like that happened when I was building mongo from source yesterday. 30 minute build, fails at the very end with a permissions issue. | 21:06 |
thumper | I have code that now creates a juju system ssh identity file and adds to the authorized keys | 21:06 |
thumper | and it works for ec2 and local | 21:06 |
thumper | so probably everything | 21:07 |
thumper | although care should be taken with manual | 21:07 |
=== hatch_ is now known as hatch | ||
=== gary_poster is now known as gary_poster|away | ||
thumper | wallyworld_: o/ | 22:42 |
wallyworld_ | heloooo | 22:43 |
thumper | wallyworld_: good break? | 22:43 |
wallyworld_ | so many emails | 22:43 |
thumper | :) | 22:43 |
wallyworld_ | yeah, no internet | 22:43 |
wallyworld_ | great result in the cricket :-D | 22:43 |
thumper | wallyworld_: I'm heading off to the gym shortly, but we have a scheduled call in just over 2 hours | 22:43 |
wallyworld_ | yep | 22:43 |
thumper | so we can chat then | 22:43 |
wallyworld_ | ok | 22:43 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!