/srv/irclogs.ubuntu.com/2015/01/16/#juju.txt

=== cppforlife is now known as cppforlife_
=== seelaman` is now known as seelaman
=== 18VABY2RP is now known as lazyPower
=== beuno_ is now known as beuno
jobot	Hello, I have tried to create my first charm. The install hook is here: http://paste.ubuntu.com/9759291/ , it fails on line 44 saying that the site does not exist. If you wouldn't mind giving me some guidance on this hook, it would be appreciated	01:57
sarnold	jobot: I -think- you need to change this name: /etc/apache2/sites-available/suitecrm to /etc/apache2/sites-available/suitecrm.conf	01:59
sarnold	jobot: there was a change somewhere along the way that I -think- requires the .conf extension on those files now.	01:59
jobot	Ok. Thank you. I will try that :)	02:00
blr	on utopic, cloud-utils is marked recommends for lxc-templates, which appears to result in failed container creation with the local provider	02:16
blr	potentially I just had my machine in a weird state, but it seems curious.. might try in a clean vm	02:17
=== kadams54 is now known as kadams54-away
=== axw_ is now known as axw
=== paulproteus_ is now known as paulproteus
=== kadams54 is now known as kadams54-away
=== urulama__ is now known as urulama
=== Spads_ is now known as Spads
Muntaner	good morning	08:54
Muntaner	I'm quite new to Juju and having problems	08:55
Muntaner	can anyone help me? Am I in the right place?	08:55
Odd_Bloke	Muntaner: You are in the right place; ask a question and hopefully somebody will be able to answer it. :)	08:57
Muntaner	ok! I have two laptops connected to the same networks, 192.168.0.194 and 192.168.0.197	08:58
Muntaner	on the second one, I installed devstack to do some tests	08:58
Muntaner	and I'm trieing to deploy services from the first laptop	08:59
Muntaner	with Juju, naturally :)	08:59
Muntaner	I set all the fields with juju-quickstrap	08:59
Muntaner	and I get this error:	08:59
Muntaner	RROR juju.cmd supercommand.go:323 index file has no data for cloud {RegionOne http://192.168.0.197:5000/v2.0} not found	08:59
Muntaner	is the devstack installation "incomplete" or I am doing something wrong on the first laptop?	09:00
Muntaner	it seems like the file "index.json" is missing from the devstack computer... I can read errors like these:	09:01
Muntaner	DEBUG juju.environs.simplestreams simplestreams.go:419 fetchData failed for "http://192.168.0.197:8080/v1/....../images/streams/v1/index.sjson": failed to GET object images/streams/v1/index.sjson from container con-366ffb69922d4b7892e6bef717239473	09:03
Muntaner	and now I'm quite lost, don't know exactly what o do	09:06
Muntaner	to do *	09:06
dimitern	Muntaner, can you give me a bit more background please	09:07
dimitern	?	09:07
Muntaner	whatever you need!	09:07
dimitern	Muntaner, how is your deployment structured - 2 machines, each with 2 network interfaces?	09:08
Muntaner	two laptops, connected to the same network with internet access. They have the local IPs I wrote - 192.168.0.194 and 192.168.0.197	09:08
Muntaner	I'm pretty sure they can see each other (from the first one, I'm able to login in the devstack running on the second one via the web browser)	09:09
dimitern	ok, so are these IPs configured via DHCP or statically?	09:09
Muntaner	Probably static - I can't manage the network configuration	09:10
dimitern	Muntaner, also, it will help if you can use paste.ubuntu.com to share some logs to see what errors you're getting	09:10
dimitern	Can you give me a summary of the commands/operations you used?	09:11
Muntaner	here it is: http://paste.ubuntu.com/9760532/	09:12
Muntaner	I used some basic commands... juju init, juju bootstrap, juju quickstart etc.	09:13
dimitern	so you're using juju-quickstart - let me ask some of the folks working on this	09:13
dimitern	rick_h_, hey, can you have a look at that log please ? ^^	09:13
Muntaner	yes, yesterday I arrived to the same error by configuring manually environments.yawl	09:14
dimitern	how did you install juju-quickstart?	09:15
Muntaner	1217 sudo add-apt-repository ppa:juju/stable	09:15
Muntaner	1218 sudo apt-get update	09:15
Muntaner	1219 sudo apt-get install juju-quickstart	09:15
Muntaner	if needed, I can copypaste my environments.yawl aswell	09:15
urulama	dimitern: i'll ping frankban to look at that log, he should be joining soon.	09:16
dimitern	Yes please - you can redact keys/passwords/etc. from it first	09:16
dimitern	thanks urulama!	09:16
Muntaner	here it is my environments.yawl: http://paste.ubuntu.com/9760545/	09:18
Muntaner	control-bucket and admin-secret have been autogenerated by clicking on the option in juju-quickstart	09:18
dimitern	Muntaner, hmm.. ok so I believe the issue is you'll need to run sync-tools first to generate metadata for your private openstack installation	09:19
Muntaner	I'll ask a very silly question now:	09:19
dimitern	Muntaner, I'll give you more info in a sec	09:19
Muntaner	do the laptop with devstack need to install anything about juju?	09:19
Muntaner	because, right now, it has nothing installed - just devstack	09:19
dimitern	Muntaner, assuming you want to use the devstack laptop as "the cloud", no - you install the juju client (quickstart does that for you) and use it to bootstrap an environment on the other laptop	09:20
Muntaner	exactly, that was the test I wanted to do	09:21
Muntaner	just to get involved into the software and try some charms	09:21
dimitern	Muntaner, that's awesome - thanks for trying Juju out!	09:23
dimitern	Muntaner, I'm checking a few places first, but I think I can help you with your issue	09:23
Muntaner	Thanks, I already tried it in my laptop only - deploying Wordpress + MySQL has been a piece of cake :)	09:23
dimitern	sweet!	09:25
dimitern	Muntaner, ok, so let's try the easiest thing first	09:30
dimitern	Muntaner, add the following to your environsments.yaml, e.g. just after the line "username:", with the same indentation	09:30
dimitern	Muntaner, agent-metadata-url: https://streams.canonical.com/juju/tools	09:32
dimitern	Muntaner, sorry - for 1.20.x use "tools-metadata-url" instead	09:33
dimitern	or agent-metadata-url	09:33
Muntaner	ok, I try now and give feedback	09:33
dimitern	..instead *of	09:33
dimitern	Muntaner, then, run $ juju bootstrap --debug 2>&1 > juju-bootstrap.log and paste that please	09:34
Muntaner	seems like nothing changed - juju-bootstrap.log is empty	09:36
Muntaner	I can copypaste whatever is needed	09:37
dimitern	Muntaner, did you see output on the console?	09:38
Muntaner	yes, looks like they are the same errors	09:38
Muntaner	http://paste.ubuntu.com/9760633/	09:39
Muntaner	new environments -> http://paste.ubuntu.com/9760637/	09:39
dimitern	Muntaner, hmm.. that's weird.. I'll have a look at the code to see what's happening	09:40
dimitern	Muntaner, before anything - please try running $ juju-quickstart --upload-tools --debug and paste the log	09:43
Muntaner	yes, just a sec	09:45
dimitern	btw I've reported a bug for your issue against quickstart, so we can think how to improve the experience in cases like yours - https://bugs.launchpad.net/juju-quickstart/+bug/1411574	09:53
mup	Bug #1411574: quickstart should detect private clouds somehow and generate metadata url in the environments.yaml <juju-quickstart:Confirmed> <https://launchpad.net/bugs/1411574>	09:53
dimitern	Muntaner, you might later try following the docs here - https://juju.ubuntu.com/docs/howto-privatecloud.html#deploying-private-clouds	09:55
Muntaner	I'm back now, sorry	09:56
Muntaner	result of juju-quickstart --upload-tools --debug: http://paste.ubuntu.com/9760712/	09:59
dimitern	Muntaner, thanks, it's weird how nothing has changed though.. try $ juju metadata validate-images and then also $ juju metadata validate-tools ?	10:05
Muntaner	so	10:07
Muntaner	juju metadata validate-images: http://paste.ubuntu.com/9760764/	10:08
Muntaner	and juju metadata validate-tools: http://paste.ubuntu.com/9760771/	10:09
=== rvba` is now known as rvba
Muntaner	shall I try something else, guys?	10:19
dimitern	Muntaner, thanks, will get back to you shortly	10:23
Muntaner	ok!	10:24
dimitern	Muntaner, let's try adding "images-metadata-url: http://cloud-images.ubuntu.com/releases/" to environments.yaml and re-run $ juju metadata validate-images	10:40
Muntaner	at the moment devstack isn't running - I'll try this in minutes	10:42
Muntaner	sorry	10:42
dimitern	ok, no worries	10:43
Muntaner	did we just discover an hidden bug or this may be my bad configuration of the "net" ?	10:44
dimitern	Muntaner, well, for one - it's definitely a bug with quickstart, as the user experience can be improved	11:04
dimitern	Muntaner, but the reason it fails is insufficient configuration, so it's not a juju bug - at least not yet	11:05
Muntaner	aw ok. Now, I'm installing Ubuntu Server on the devstack laptop	11:09
dimitern	Muntaner, what happened with devstack btw? why do you need to do this now?	11:10
Muntaner	dimitern, laptop owner decided to do so, needs Ubuntu server for other stuff. Btw, the previous devstack installation is "safe" on another partition with Linux Mint (the OS with who I was experimenting and encountered the problems)	11:13
dimitern	Muntaner, ok, thanks for the info; I'll need to finish some other stuff now, but please let me know if you still have issues later.	11:14
gnuoy`	jamespage, did you see my request for a review of https://code.launchpad.net/~gnuoy/charms/trusty/ceph-radosgw/next-support-ha/+merge/243263 if you have time?ay ?	11:17
Muntaner	dimitern, I did what you suggested	12:33
Muntaner	I get the same error	12:33
dimitern	Muntaner, what did you do last?	12:34
Muntaner	I'm pasting it for you	12:34
Muntaner	http://paste.ubuntu.com/9761344/	12:35
Muntaner	the environments.yawl is: http://paste.ubuntu.com/9761347/	12:35
dimitern	Muntaner, I think I have a solution - try theses steps: 1) keep tools-metadata-url set as before; 2) run $ juju metadata generate-images -d $HOME/.juju/metadata (paste any errors); 3) run $ juju metadata validate-images -d $HOME/.juju/metadata (should be fine, but again paste any errors); 4) run $ juju bootstrap --debug --metadata-source $HOME/.juju/metadata and paste the output	12:37
dimitern	Muntaner, but first, remove "images-metadata-url" from environments.yaml	12:37
Muntaner	dimitern, error: unrecognized command: metadata generate-images	12:39
dimitern	Muntaner, sorry - generate-image	12:40
Muntaner	ok!	12:40
Muntaner	dimitern, ERROR image id must be specified	12:41
Muntaner	I'll be back in an hour	12:41
Muntaner	boss calling, see you later	12:41
dimitern	ok	12:42
Muntaner	and thanks :)	12:42
dimitern	Muntaner, np - re that error, yes sorry - specifying image id (-i <..>) for generate-image is required. You need to know your devstack available images. Here's an article providing pretty much all you need I think - http://blog.felipe-alfaro.com/2014/04/29/bootstraping-juju-on-top-of-an-openstack-private-cloud/	13:01
=== Darkwing_ is now known as Darkwing
=== jrwren_ is now known as jrwren
Muntaner	dimitern, thanks, I'm following that post	13:49
dimitern	great!	13:52
dimitern	please let me know if you're successful	13:52
Muntaner	dimitern, is it hard to write own charms?	14:25
dimitern	Muntaner, :) depends on what the charm does, but for simple things it's not hard at all	14:26
dimitern	Muntaner, here's the right place to ask just this - any one of the guys like jcastro, lazyPower, mbruzek, from the ecosystem team can help you with that	14:29
lazyPower	o/	14:29
* lazyPower reads scrollback		14:29
jcastro	hi!	14:29
dimitern	:)	14:29
lazyPower	Muntaner: thats subjective :) but if you were to ask me 1:1 i'd say - "Charm development isn't hard - but writing good charms requires a fair amount of thought and testing"	14:31
Muntaner	it's fine! was just curious about that ;)	14:31
Muntaner	btw, dimitern	14:31
Muntaner	I'm reading that post, I jumped the whole part inerent to OpenStack Glance	14:31
lazyPower	thats one of the things I love about charm development, its like any other software project. its an iterative process and you can prototype quickly in bash before you commit to a config management framework	14:31
lazyPower	regardless of that being something like chef/puppet or using our own charm helpers libraries to greenfield develop in python.	14:32
dimitern	Muntaner, yeah - that happens to be the most important part :)	14:39
nicopace	Muntaner: two days ago, i implemented a simple charm pretty quickly. You can look at it, it is pretty small in LOCs :) https://code.launchpad.net/~nicopace/+junk/simplewebservercharm	14:39
Muntaner	in your opinion, what is the best language to implement charms? is Java fine?	14:43
mbruzek	Muntaner you could	14:44
mbruzek	Muntaner: but as a Java developer I have tried that and it is not easy.	14:44
jrwren	Muntaner: python	14:44
mbruzek	Muntaner: Technically you could write a charm in anything that runs on Ubuntu	14:44
jrwren	Muntaner: the charm-helpers library makes python for charms the best.	14:45
mbruzek	Muntaner: but setting up the Java environment was a hassle for me, just to write the charm hooks in Java	14:45
jrwren	you'd have to write part of the install hook in some other language to install the JRE.	14:46
mbruzek	but Muntaner it can be done	14:46
lazyPower	Muntaner: the fact is we support close to anything/everything - so long as you can encapsulate the logic in a format that resembles the events we model with the hooks. So as a java developer you can certainly write hooks in java but your pre-install will require you to install a JRE, and any third party deps you require - another option would be to write them in scala which is similar to java, but not quite right?	14:46
jrwren	scala:java::ocaml:C++	14:47
Muntaner	ok, I understand. Thanks for this lot of info	14:48
mbruzek	Muntaner: As a fellow Java Developer, I would be willing to help you with any questions you might have. Please feel free to IM me on IRC	14:49
Muntaner	mbruzek, thanks a lot :)	14:49
mbruzek	no problem at all	14:49
jose	mbruzek, lazyPower, marcoceppi_, tvansteenburgh1: if any of you guys have a minute to do a review, I've got a critical security fix on the waitlist (queue not updating), mind taking a look? https://code.launchpad.net/~jose/charms/precise/owncloud/fix-poodle/+merge/246208 https://code.launchpad.net/~jose/charms/trusty/owncloud/fix-poodle/+merge/246205	15:11
jshieh	sorry to be off topic, but looking for macfarlan or a. rosales...a good channel to find either of them?	15:24
lazyPower	jshieh: arosales is CO based and should be around within the hour here.	15:24
lazyPower	jose: in standup will sync with you afterwords	15:24
jshieh	okay	15:24
jose	soudns good, thanks lazyPower!	15:25
=== Guest8667 is now known as balloons
=== roadmr is now known as roadmr_afk
Muntaner	dimitern, got some news	16:15
dimitern	Muntaner, is it good? :)	16:17
Muntaner	dimitern, no, lol, I got new errors	16:21
Muntaner	dimitern, if you want I can copypaste them for you	16:22
dimitern	Muntaner, yes please	16:25
Muntaner	dimitern, http://paste.ubuntu.com/9762355/	16:27
Muntaner	care, it's quite long	16:27
=== roadmr_afk is now known as roadmr
=== kadams54 is now known as kadams54-away
arosales	jshieh: hello	16:41
arosales	sorry my network was done earlier this morning	16:41
=== kadams54-away is now known as kadams54
Muntaner	dimitern, I'm going crazy, lol	16:56
dimitern	Muntaner, much better!	16:57
dimitern	Muntaner, you've managed to bootstrap almost :)	16:57
Muntaner	dimitern, wow! :D	16:57
Muntaner	dimitern, yep, what remains now?	16:57
dimitern	Muntaner, but the image metadata seems incomplete - try validate-images and also make sure that image id b2731f9e-6971-4c91-bea3-39aa0e23e15b is in it	16:58
=== kadams54 is now known as kadams54-away
=== kadams54-away is now known as kadams54
dimitern	Muntaner, but first - change tools-metadata-url back and drop --upload-tools from bootstrap	17:00
dimitern	*back to what it used to be (I see it empty)	17:00
dimitern	I have to go unfortunately	17:01
=== urulama is now known as urulama__
=== kadams54 is now known as kadams54-away
=== mbarnett` is now known as mbarnett
nicopace	Hi guys.. is there any way that a charm is run using python2?	18:22
asanjar	mwak_: hi there, cory_fu said you had some issues with hadoop charm?	18:23
cory_fu	asanjar: mwak_ had to leave for the weekend. :/	18:24
cory_fu	We'll have to reconvene on Monday	18:25
asanjar	cory_fu: do you have his email?	18:25
cory_fu	No. :/	18:25
asanjar	okay then, we wait till Monday	18:25
jrwren	nicopace: What do you mean? charm hooks are run as binaries or #! directive. #!/usr/bin/python is python2	18:26
nicopace	yes... when i specify python3 as the hook.py interpreter, it say 'bad interpreter'	18:27
nicopace	i ssh-ed into the unit, and it seems python3 is not installed!	18:27
nicopace	jrwren: ^	18:28
avoine	nicopace: try with #!/usr/bin/env python2	18:30
lazyPower	nicopace: is this a precise host? i tend to use env to route those properly	18:30
avoine	or just #!/usr/bin/env python actually	18:31
lazyPower	also just saw your email to the list about apache2 tests - i haven't dug in, but thanks for taking a look at that :)	18:31
nicopace	oh... if it is precise it uses python2 by default?	18:31
nicopace	lazyPower: :D	18:31
lazyPower	nicopace: python2 is default across precise/trusty	18:32
lazyPower	but trusty has python3 interpreter in the base image i do beleive, if not its a simple apt-get install away	18:33
nicopace	avoine, lazyPower: that actually works, but as i'm using charmhelpers i need python3	18:33
lazyPower	charmhelpers is python2 compliant	18:33
lazyPower	as is amulet	18:33
nicopace	that's strange... i think it is failing because it requires six	18:34
lazyPower	can you hand me a stacktrace of what you're looking at? we've had some issues with test dependencies in the past	18:34
nicopace	sure	18:34
lazyPower	i think tvansteenburgh1 was the one that put a lot of those fixes in place during our last bug-run.	18:34
lazyPower	he's kind of a big deal when it comes to fixing python dependency chains :)	18:35
=== kadams54 is now known as kadams54-away
=== kadams54-away is now known as kadams54
nicopace	lazyPower: http://paste.ubuntu.com/9763023/	18:40
nicopace	the problem is that charmhelpers is requiring six, and it is not installed	18:41
lazyPower	yep, missing python dependency on the host. Which provider is this?	18:41
nicopace	lxc	18:41
lazyPower	interesting, thats a cloud image.	18:41
lazyPower	if you add python-six to the install routine of the charm does it work as expected?	18:42
lazyPower	as in (apt-get install python-six)	18:42
nicopace	i can't, as i'm using hooks.py	18:42
nicopace	well... i can, but i have to add a middleman	18:42
lazyPower	nicopace: typically when there are pre-deps the install hook becomes a shell script that then calls hooks.py	18:50
captine	eve all. can someone point me to where i can figure out what is causing the below (first time trying juju and trying to get it to use br0 for local containers to get network ip's..	18:53
captine	ERROR juju.provisioner provisioner_task.go:418 cannot start instance for machine "2": container failed to start	18:53
captine	same error for machine 1	18:53
lazyPower	captine: that can be for a variety of reasons and its not really clear unfortunately	18:55
lazyPower	captine: i'm assuming this is with regard to bridging for reaching into the containers from outside your host right?	18:56
captine	lazyPower, am guessing	18:56
captine	since the last time we were chatting, i havent looked at things until now	18:56
lazyPower	captine: when we last left off, we had just gotten the bridge adapter created and you were working through a bootstrap	18:58
captine	yip	18:58
lazyPower	we need to look @ your template container configs and ensure the networking was applied to those - i'm betting it wasnt and we have a few options	18:58
captine	template container configs?	18:59
lazyPower	you'll need inspect the 'config' file in /var/lib/lxc/juju-$series-lxc-template	18:59
lazyPower	i bet its pointing at lxcbr0	18:59
lazyPower	these template containers get cloned to create the local provider machines	18:59
captine	ok	18:59
captine	let me check it	19:00
lazyPower	the line we are concerned with is: lxc.network.link = lxcbr0	19:00
lazyPower	you'll need to change that to br0 and give it another go	19:00
captine	changed them both	19:01
captine	so now do i destroy the 2 machiens	19:01
captine	and bootstrap again?	19:01
lazyPower	yep	19:02
captine	ok. crossing fingers	19:04
nicopace	lazyPower: sorry, i had to go out for some minutes	19:05
nicopace	i understand	19:05
nicopace	i'll try that	19:05
nicopace	thanks!	19:05
lazyPower	nicopace: no worries	19:05
captine	lazyPower, assuming this works, is there a way to stop the lxc containers starting automatically? may want to only start manually>?	19:05
lazyPower	captine: there is but i'm not aware off teh top of my head	19:05
captine	np. will google	19:06
lazyPower	i'm fairly certain we are generating jobs in /etc/lxc/autostart or something similar to that	19:06
lazyPower	it should be as simple as removing those, but i cannot be certain as I have not done so before. Typically when i have containers I want to control i dont create them with juju	19:06
lazyPower	i build them with lxc-create	19:06
stub	nicopace: if you look at charmhelpers/__init__.py you should see some bootstrap code that installs python-six packages. If it is empty, you can fix it by getting that file synced in.	19:07
captine	lazyPower, does it work the same way with lxc-create?	19:08
captine	would i need to do something to get br0 to be used?	19:08
lazyPower	captine: its 100% manual. you get zero magic from juju	19:08
captine	ah	19:09
captine	lazyPower, not sure it is working. agent state has been "pending" for 10 minutes	19:19
lazyPower	captine: it should be up within 30 seconds depending on disk io	19:19
lazyPower	so, if its still pending we have hit another issue	19:20
captine	maybe i didnt destroy everything correctly.	19:20
lazyPower	what I suggest is actually removing those templates	19:20
lazyPower	destroy-environment, remove the templates	19:20
captine	from /var/lib/lxc/juju	19:20
lazyPower	sudo lxc-destroy --name	19:20
lazyPower	remove any containers that are related to juju, destroy the local environment with -y --force, and then start from step 1, it'll re-download the templates and generate them according to teh config	19:21
captine	lxc-destroy -- is that to remove the templates	19:22
captine	or do i just rm -rf the templates?	19:22
captine	from /var/lib....	19:22
lazyPower	i would use lxc-destroy	19:22
lazyPower	we're basically resetting your local provider environment to square 1	19:23
lazyPower	by removing the templates and containers, we're eliminating any traces of old config	19:23
lazyPower	and letting juju perform the setup according to the files we edited in our prior session	19:23
captine	ok	19:24
captine	done.	19:24
captine	noting in /var/lib/lxc/	19:24
captine	bootstrapping now	19:25
marcoceppi_	lazyPower arosales jcastro: maas just got a little more interesting https://insights.ubuntu.com/2015/01/15/virtualbox-extensions-for-maas/	19:29
lazyPower	nice!	19:29
captine	lazyPower, still not working. should i remove lxc and juju with apt-get purge? then start again?	19:33
lazyPower	captine: its hard to say depending on why the containers are failing to start. can you try starting the container manually so we can debug?	19:33
captine	lazyPower, so the container is not up ( "1":	19:34
captine	instance-id: pending	19:34
captine	series: trusty	19:34
captine	how do i manually start that (sorry for pasting multiple rows. didnt think it would do that)	19:34
lazyPower	sudo lxc-start --name $container-name -d	19:35
captine	so would the name be "1"?	19:35
lazyPower	negative, thats in the output from sudo lxc-ls --fancy	19:35
captine	well. guess what. my machine must just be slow	19:36
captine	just checked status again, and i see an ip address	19:36
captine	woohooo	19:36
lazyPower	nice :)	19:36
lazyPower	remember on first boot	19:36
lazyPower	its goign to download those templates	19:36
lazyPower	so juju deploy cs:precise/wordpress -- the very first time its pulling down the 200mb cloud image and building that template container	19:37
lazyPower	then ti clones it and kicks off the charm	19:37
captine	lazyPower, thanks a mil. I am connecting and it is working well	19:39
captine	now the learning starts :)	19:39
lazyPower	awesome	19:40
lazyPower	captine: glad we got you sorted :) make sure you tell your friends about us here in #juju	19:40
arosales	marcoceppi_: thanks for the link talking a look	19:40
=== roadmr is now known as roadmr_afk
captine	lazyPower, just a questions.. maybe a dumb one. i dont need to ssh to these lxc containers to run apt-get update and apt-get upgrade? or do I?	19:58
captine	do they update when i run it on the hose?	19:58
captine	host?	19:58
lazyPower	they dont	19:59
captine	ok	19:59
captine	cool.	19:59
lazyPower	think of them as isolated VM's. you'll need to apt-get update/upgrade	19:59
captine	cool. so i can install management software into them etc. very cool.	19:59
lazyPower	and its typically a good pattern to adopt in your charm to do that during the install hook - but certain members like jrwren have their own opinions about it.	19:59
lazyPower	i reference you not out of finger pointing but knowing that you have good and valid reasons for avoiding that p attern jrwren <3	20:00
jrwren	:)	20:00
captine	well, it will be months/years away from writing charms. am an accountant by trade, so dont get much time for my tech hobbie :)	20:00
captine	lazyPower, what was ur blog address again for the setup of br0 etc... it didnt seem to save in my fabourites	20:03
lazyPower	captine: blog.dasroot.net	20:03
lazyPower	captine: it would be a good idea to back up those config files we modified in the event you ever need to go back through and edit them on another system	20:03
captine	thanks	20:03
jrwren	I just like the speed of skipping the apt-get update upgrade step.	20:04
lazyPower	updates will prompt you that there is a collision and you may have to manually edit them again, but ubuntu is good about not clobbering user updates to config files.	20:04
captine	i best get a local apt-mirror setup to install from	20:04
lazyPower	read up on setting up a squid deb proxy :)	20:05
lazyPower	path of least resistance	20:05
jrwren	I like the speed because EC2 IOOPs are very slow and IOOPS on my slow spinning rust drives are also very slow. I'd likely not care on all SSD.	20:06
captine	lazyPower, whats the best way to backup the files? just copy to fileserver? or is there a good tool?	20:06
lazyPower	captine: i myself just keep a git repository of all my config stuff on my NAS	20:08
captine	i need to learn to use git more	20:08
captine	just installed it on a vm at work to try to get our IT department to use it for application rule file (IBM Cognos files)... but am not very good with it	20:09
captine	going to crash. thanks again for all the help	20:09
captine	cheers	20:09
lazyPower	cheers Caguax :)	20:10
lazyPower	er.. yeah	20:10
Caguax	cheers lazyPower	20:10
=== wendar_ is now known as wendar
arosales	marcoceppi_: lazyPower: mbruzek: jose: niedbalski_: tvansteenburgh1: dpb1: Got a good question from the openstack folks I wanted to get your opinion on	20:38
* dpb1 listens		20:39
* mbruzek waves		20:39
arosales	apparmour	20:40
arosales	:-)	20:40
arosales	Policy states, "Should make use of AppArmor to increase security."	20:41
arosales	https://jujucharms.com/docs/authors-charm-policy	20:41
arosales	But we don't make any references to how this can be accomplished in the charm, and we unfortunately don't have any good examples.	20:41
arosales	I am a +1 for security, but how do we enforce this or if a user says, "Great how do I do this" what is the answer?	20:42
* arosales ends question		20:42
sarnold	hey arosales :) there's a handful of policies in /etc/apparmor.d/ on most ubuntu systems that can serve as a too-quick introduction to apparmor	20:43
arosales	sarnold: hello :-)	20:44
sarnold	arosales: jdstrand has a series of short-and-sweet blog posts about apparmor that are a decent enough introduction, too, https://penguindroppings.wordpress.com/2014/06/06/application-isolation-with-apparmor-part-iv/	20:44
arosales	Perhaps the right answer here is to reach out to the ubuntu security team and formulate some examples in the docs	20:44
sarnold	arosales: one thing that I'd love to see in juju charms is making use of the relation information to help create flexible policies	20:45
mbruzek	arosales: This policy predates me, but I have not seen a charm using apparmor. I suspect someone knows how to do that	20:45
arosales	sarnold: do you feel this is handled inside the app, or are there extra measure the charm should be taking?	20:45
sarnold	arosales: it depends; e.g., installing mysql from the archive will automatically get the packaged apparmor policies installed	20:45
mbruzek	good point sarnold	20:46
arosales	good point, but others may not . . .	20:46
sarnold	arosales: but if you're creating a charm for software that doesn't already supply its own policy, you could bundle it alongside the charm, drop it into /etc/apparmor.d/, and .. waves hands about making sure it's loaded before the service is started	20:46
sarnold	arosales: one complicating factor is that apparmor policies currently can't be nested; the local provider uses LXC, which uses apparmor to enforce some of its policies. so, local deployed charms wouldn't be able to use their own policy. (this is being addressed but probably won't be ready for many months.)	20:47
sarnold	arosales: jdstrand and sbeattie also put together an apparmor "policy template" language, apparmor-easyprof, that _might_ be a suitable starting place for charm authors to smack out some quick template-based policies -- which might be useful for tuning them based on configurations	20:49
arosales	interesting re lxc, didn't think of that	20:49
sarnold	I think the mysql init stuff may have mechanisms in place to cope, I haven't looked in ages.	20:50
arosales	sarnold: do you have a link to the "policy template" lauguage?	20:50
arosales	sarnold: do you know of any issues with xen or kvm in app armour policies?	20:51
sarnold	arosales: hrm, I'm having trouble finding links to apparmor-easyprof examples; it's used a bit with snap / click packaging but those tools aren't exactly easy to learn from	20:51
lazyPower	arosales: i agree that we need to get documentation around this or link to the proper docs in our charming series docs	20:52
sarnold	arosales: xen / kvm should work just fine; libvirtd does have apparmor policies confining portions of the systems (e.g. shared host/guest filesystems sometimes have trouble, and need extended policies) -- but the kvm-emulated machine or xen-emulated machine get their own apparmor policies no trouble	20:52
jhobbs	fyi i filed a bug on it here https://github.com/juju/docs/issues/229	20:52
lazyPower	arosales: what may be a good starting poitn would be to get a charm school video about security enhnacement with apparmor profiles on a simple charm - like pick the day1 charm and put in some nginx app armor policies	20:52
lazyPower	however app armor itself is a beast of a topic and goes into a broad range of things as sarnold has pointed out	20:53
=== kadams54 is now known as kadams54-away
lazyPower	and o/ sarnold :)	20:53
arosales	jhobbs: thanks	20:54
sarnold	hey lazyPower :)	20:54
sarnold	I've got to head off for lunch, but I'll be back ~hour :)	20:54
arosales	lazyPower: ya I think at a min we need some docs to point users on how to accomplish this	20:54
arosales	sarnold: if you come across those links please send them onto us :-)	20:55
lazyPower	arosales: i have a marching order over this next week to get some visualizations done for my slides / video over charm relationships - i can add an addendum to that for app armor as a follow up task.	20:55
arosales	sarnold: thanks for the input here, much appreciated	20:55
sarnold	the policies are easy enough; the hard part is tying them together to handle e.g. running under lxc, getting them loaded before programs start, etc..	20:55
lazyPower	i've ran into some really good articles that we - being juju charmers, are not warehousing, but i can distill that info into a digestible doc for starting out with app armor and link to the app armor community documentation which goes into further depth how to write them	20:56
arosales	lazyPower: if you have some time to start some docs on apparmor that wold be helpful	20:56
lazyPower	yeah, i'll try tos queeze it in :)	20:56
lazyPower	maybe as a slack task	20:56
arosales	lazyPower: sounds good	20:56
jose	arosales: so as it's a should and not a must hasn't probably been looked at much. the policies are installed with packages on the archive, but I guess this is more directed to packages which are installed from an external sourcec	21:02
jose	arosales: agree with contacting the security team, if we can get examples it would make it easier for all authors to understand what is and how it works - without reference in our own docs it's tedious work to understand it	21:02
lazyPower	arosales: and if we can get the security team to contribute those docs - would probably be better than me putting down the crumbs of info i have picked up from blog posts over the last 3 years.	21:04
lazyPower	sooooooo... theres that little tidbit of info	21:04
arosales	jose: ya some folks read that should in policy and want to follow it but don't know how, and we don't give docs on how to do so unfortunately	21:05
arosales	perhaps some "shoulds" in the policy should be best practice	21:05
arosales	policy is usually a little more black and white and not gray. These are valid points the openstack folks like jhobbs are pointing out	21:06
lazyPower	i agree with that statement, a should sounds like it can or cannot	21:06
lazyPower	policy should be true/false	21:06
jose	I believe this specific one would apply to charms that gather things from outside	21:06
arosales	jose: lazyPower: but regardless of where it lives we should reach out to the security team and get some good docs around app armor	21:06
jose	+1 on that	21:07
arosales	jose: lazyPower: also how do you guys evaluate a charm "following the spirit of Ubuntu?"	21:10
arosales	another policy item that is kind of vague, but a good one	21:11
jose	arosales: http://en.wikipedia.org/wiki/Ubuntu_%28philosophy%29 and CoC	21:11
* arosales has read that :-)		21:11
lazyPower	arosales: http://www.ubuntu.com/about/about-ubuntu/our-philosophy	21:11
arosales	just wants to know how you guys evaluate that against a charm	21:11
lazyPower	but to be honest	21:11
arosales	jose: lazyPower: we allow for a charm to deploy propritary bits so does that go against the philosophy?	21:11
lazyPower	i am probably the most lienient about that line in policy	21:12
lazyPower	as i haven't nacked anything for not being in the spirit of ubuntu	21:12
arosales	well my point is "spirt of ubuntu" could mean a lot of different things	21:12
jose	arosales: I wouldn't say so. It is giving you the opportunity to deploy software easily, which is the purpose of a charm	21:13
arosales	how does one consistantly review a charm against that policy statement	21:13
lazyPower	arosales: well, if it follows the PCBSD spirit, its clearly not in the ubuntu spirit	21:13
* lazyPower rimshots		21:13
arosales	don't get me wrong I like following the spirit of ubuntu big +1 there	21:14
mbruzek	arosales: I read that as a reason to nack a charm if it is doing something illegal or wrong.	21:14
jose	but the policy is unclear	21:14
lazyPower	arosales: so, what if the charm were to deploy say - a fully pre-loaded XXX photo distribution hub	21:14
arosales	my question is how do multiple different reviewers consitantly grade a charm against this line in a similiar manner?	21:14
lazyPower	i think thats where the follows the "ubuntu philosophy' comes into play	21:15
jose	I would do the same as Matt over there	21:15
arosales	shouldn't we say that then?	21:15
lazyPower	probably	21:15
jose	we need to make it more clear, define it	21:15
lazyPower	explicit seems to work better than implicit, there's less room for interp.	21:15
jose	I believe we can change that to follows the CoC - not doing anything that could lead to illegal actions	21:16
arosales	a good question for your charmers is should policy be explicitly true or false, or maybe	21:16
arosales	like read this for policy	21:16
arosales	"A charm should follow the ubuntu spirit"	21:16
arosales	or	21:16
arosales	A Charm must not contain or deploy any illegal software"	21:17
arosales	the latter I can clearly check off	21:17
jhobbs	in what jurisdiction? :)	21:17
arosales	the former is open to my interpretation	21:17
arosales	jhobbs: US where the charm store resides	21:17
jhobbs	cool	21:18
arosales	but valid point	21:18
mbruzek	arosales: The problem with that is it may not contain any illegal software, but what if it contains software that allows someone to DO something illegal.	21:18
lazyPower	mbruzek: thats dangerous - thats like shooting teh protocol of bit torrent because you can send illegal content over it	21:18
mbruzek	arosales: You could write rules like that all day and someone will find a way around the wording	21:18
arosales	mbruzek: well now you just took it tooo far :-)	21:18
arosales	do we sell knives still ?	21:19
mbruzek	guns don't kill people, people kill people	21:19
arosales	mbruzek: lazyPower: jose: pehaps something to discus in your charmers meeting and send to the list	21:20
arosales	my suggestion would be for a policy review and to make a decision on clear true/false or explictly leave items ambiguous for the charm author to decide.	21:20
mbruzek	arosales: My only problem with your "illegal" wording is that software may be "legal" but we might still might not want it in the charm store. And there could be different reasons for "illegal software", what if I someone didn't have the legal authority to include the software in a charm.	21:21
mbruzek	?	21:21
mbruzek	arosales: If they are all yes or no questions, what do you need us for?	21:21
arosales	someone has to check those yes/no	21:22
=== kadams54-away is now known as kadams54
* mbruzek welcomes our new robot ~charmer overlords		21:22
lazyPower	mbruzek: we are the charminators of policy - we stamp out immutable config	21:22
jhobbs	i have more questions on the policy	21:22
jhobbs	"Must also be valid for the charm and/or bundle format defined in Juju's documentation" - what does this mean?	21:22
arosales	mbruzek: be interesting to hear what your use case is for "legal" software that we don't want in the charm store	21:22
lazyPower	jhobbs: we should really encapsulate these issues in a mail and hit the list with them so the community has an opportunity to pipe in with these	21:22
jhobbs	is that just "you can't upload arbitrary non charm stuff to the store"	21:23
lazyPower	i added an addendum to our charmer meeting next week for our pre-discussion about it - but i imagine this will be a long running thread on the list for anyone that wants to participate in policy dicussion	21:23
jhobbs	lazyPower: i can do that - what list should i send them to?	21:23
lazyPower	jhobbs: the general user mailing list - juju@lists.ubuntu.com	21:23
jhobbs	lazyPower: ok	21:23
lazyPower	thanks for bringing up these points though and capturing them :)	21:24
lazyPower	appreciate it jhobbs, arosales	21:24
mbruzek	jhobbs: I believe that means it must be in a charm or bundle format so it works with Juju.	21:24
arosales	jhobbs: to answer your question though, yes the charm or bundle needs to be in a valid form (directory) in order for it to be recognized by the charm store	21:24
arosales	jhobbs: appreciate the feedback	21:24
jhobbs	np, thanks for the detailed responses	21:24
mbruzek	arosales: I don't have a good example, but illegal software draws a strange / arbitrary line in the sand. Someone will work around, or cross the line at some point.	21:25
arosales	mbruzek: fair point	21:26
arosales	mbruzek: for that point we should be careful with the wording	21:26
mbruzek	arosales: Yeah like "ubuntu philosophy" and not being against it	21:27
jhobbs	i think the guidance should focus on good people who are trying to do the right thing. like you say, bad people will always try to work around. there should be some net rule for that like "we reserve the right to reject any charm store submission if we feel it is bad."	21:27
mbruzek	jhobbs: good point	21:28
jcastro	ubuntu philosophy is things like the "don't be a jerk" rule for charms IMO.	21:30
mbruzek	jcastro: Can you give an example?	21:30
jcastro	My charm deletes user data without asking	21:31
jcastro	or ... says it does something but really does something else	21:31
jose	same I understand	21:31
jcastro	or sends your data to a third party without your knowledge, etc. etc.	21:31
jose	basically, follow CoC when writing your charms	21:31
jcastro	basically, it's a catchall "don't be a jerk" so that our policy on what is acceptable and not acceptable isn't a huge book	21:32
mbruzek	jcastro like to amazon?	21:32
jcastro	well this is cloud software so like, everything talks to other services	21:32
lazyPower	i seem to remember having this conversation with marco before, and that was his reasoning for the vague terminology	21:33
mbruzek	jcastro: https://www.youtube.com/watch?v=DXnfa0H30L4	21:33
jcastro	but like, if I install a "bruzek" charm and it phones home to the author so he can spam me, that sucks	21:33
seal	is there an easy way to check machine creation status? something similar to juju pprint?	21:33
jcastro	mbruzek, his opinions are based on an incorrect assumption, the dash is an online search engine, it's supposed to do that, and it says it does that clearly and it's easy to turn off	21:34
mbruzek	seal talk with katco in #juju-dev she did some work on the juju status	21:34
seal	mbruzek: thanks	21:35
mbruzek	jcastro: I know	21:35
dalek57	I'm trying to build a rails deployment with juju, and when trying to start the server I keep getting "no pg_hba.conf entry for host". But looking at the postgres instance, there is an entry in pg_hba.conf that contains all the correct fields. I tried exposing the postgres instance, and no luck. When I run "psql" from a shell on the rails server with all the stuff from my config, I can get to the database. There is only 1 pg_hba.conf on the postgres instance.	21:35
jcastro	but if a charm is named "aws-analytics" or something and does report data to AWS for the purpose of analytics, then yeah, I'd expect that	21:35
jcastro	if the fields are correct then the rails instance would have had a working connection to the db already right?	21:37
dalek57	jcastro: yeah, which is why I'm so baffled. The database.yml looks good to me. When I copy out all the fields and use them as arguments to psql, I get the connection	21:38
jcastro	hmph	21:39
=== roadmr_afk is now known as roadmr
=== kadams54 is now known as kadams54-away
tvansteenburgh1	cory_fu, kwmonroe: wildfly charms promulgated	22:47
cory_fu	Thank you	22:47
cory_fu	You're the best	22:47
=== tvansteenburgh1 is now known as tvansteenburgh
cory_fu	Does anyone know how the tomcat charm is intended to be used? https://manage.jujucharms.com/charms/trusty/tomcat	22:51
cory_fu	Specifically, how does one give a site (war, etc) to it to serve?	22:51
jose	cory_fu: it should, web, if it's opening port 80	22:57
cory_fu	No, I mean that it doesn't support any clearly defined way to get a WAR into it (particularly from another charm) to get tomcat to serve it.	22:58
cory_fu	I was wondering if I'm missing something	22:58
cory_fu	mbruzek: I just noticed you're the maintainer. ^^	22:58
mbruzek	cory_fu: Yes I am	22:59
cory_fu	Can you answer that question?	22:59
mbruzek	cory_fu: I wrote openmrs charm too	22:59
mbruzek	cory_fu: subordinate charm. Check my openmrs	22:59
kwmonroe	mbruzek: over the implicit juju-info interface?	23:00
cory_fu	mbruzek: We're reviewing http://bazaar.launchpad.net/~miqe/charms/trusty/openbook/trunk/view/head:/README.md	23:00
mbruzek	kwmonroe: cory_fu: correct juju-info interface	23:01
mbruzek	cory_fu: kwmonroe: I am busy right now, but I can take a look later	23:01
cory_fu	So juju-info is the recommended way to do that? Me no likey	23:01
mbruzek	cory_fu: the interface was named "tomcat-war" but it is simply juju-info relation	23:03
=== kadams54-away is now known as kadams54
asanjar	mbruzek: it was mutable config issue	23:13
asanjar	:)	23:13
mbruzek	asanjar: The root of all EVIL	23:13
asanjar	mbruzek: lol	23:14
dalek57	cory_fu: what is the best way to get the host address with charm helpers? It looks like there's some promising stuff in charmhelpers.core.host; do those come with deterministic ordering?	23:32
=== mmcc` is now known as mmcc
lazyPower	cory_fu: if you're co-locating with a subordinate, and provide an implicit interface to exchange the data for the WAR to the parent service - i think thats a more acceptable pattern	23:47
lazyPower	but i'm also just starting to explore this territory and the pattern might turn out to be complete tripe	23:47

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!