/srv/irclogs.ubuntu.com/2015/04/24/#juju.txt

moqqis there any timeline on the release of 1.23?00:01
jrwreni thought it was out?00:01
jrwreni was wrong.00:01
lazyPowerjrwren: its still in devel ppa, close to release however00:05
lazyPowermoqq: I cannot offer a hard ETA - but its rounding the final phase of Q/A and poking, i would imagine we'll see it land next week00:05
moqqgreat, thank you00:06
jrwrenlazyPower: that is what confused me.00:06
lazyPowerjrwren: come at me and my actions bro https://github.com/chuckbutler/docker-charm/commit/e72fd0d5b21071806e661b8c0e548884e26d3f60 ;)00:06
jrwrenlazyPower: why me?00:07
* jrwren runs away00:07
lazyPowerbecause I like tormenting you when you're around? :D00:07
jrwrenhahaha. fair!00:07
jrwrenlazyPower: you should see some of the terrible things I've done lately :)00:07
* lazyPower eyes narrow00:07
jrwrenlazyPower: foregone logstash-forwarder for beaver, because its easier.00:08
lazyPoweroh yeah?!00:08
lazyPowerbro, we need to talk about logstash server.00:08
lazyPowerI've got a branch thats getting fairly mature, that needs third party eyes00:08
jrwrenlazyPower: we definitely need to talk, because I too have a branch. we need to come together.00:09
lazyPowerare you running my branch for trusty in the UIX prodstack?00:09
lazyPoweror did you fork it and cycle on your own stuff?00:09
jrwrennot yet00:09
jrwreni forked your branch and hacked it up.00:09
lazyPowerok, so my thought is this00:09
lazyPoweri just landed a big merge from IS that adds some nice goodies in there00:09
lazyPowerthink you can port those to your branch, and we can do a review on tests+polish+actions00:10
jrwrenhttps://github.com/CanonicalLtd/beaver-charm and https://code.launchpad.net/~evarlast/charms/trusty/logstash/trunk00:10
lazyPoweradn then make a proposal for trusty?00:10
jrwrenI'll take a look.00:10
lazyPoweroh man00:10
lazyPoweryou like, neutered half the relations00:10
jrwrendid i?00:10
jrwrenoh yeah.00:10
lazyPower    major rework. remove ampq and redis, add raw tcp00:10
jrwrenwe can put those back.00:10
jrwrenrunning redis server seems overkill.00:11
lazyPowerjust add raw tcp, and block config sections with jinja00:11
lazyPowerwell, are you running a 30 node cluster?00:11
jrwrenif gonna use redis, shouldn't i use the redis charm?00:11
lazyPower30 node cluster + redis queueing = kinda the reference arch for this stack.00:11
lazyPowerwe shoudl be yeah00:11
jrwrenI found no evidence of any reference arch for this stack :)00:11
lazyPowerhate me all you want - i got it from here: http://www.logstashbook.com/00:12
jrwrenhey me too!00:12
lazyPower<300:12
jrwreni got the paper copy00:12
jrwrenI'm really impressed with the typesetting.00:12
jrwrenIts really a pleasure to read.00:12
lazyPowerso anywho - if your charm operates more reliably than the franken-java-monster we have now00:13
lazyPowerlets converge on that - get IS to test it in staging and see how it goes00:13
jrwrenyeah, lets do that.00:13
lazyPoweror OIL actually, they would probably be interested in this as well00:13
jrwrensee also, the warning on page 193 :p00:13
lazyPowerI'm in malta starting Sunday - can you feesably look at this sometime in the next 2 weeks? I'll lend some later-workday-hours to pair00:15
lazyPowerafter the malta sprint, and we'll go from there00:15
jrwrenthat timing matches us reasonably well.00:15
lazyPoweri got poked by IS to get this thing in the CS sooner rather than later, and i'm doing one of these numbers @_@00:15
jrwrenwe are JUST getting this into a std. dev env.00:15
jrwrenanother week we may have it into our staging env00:15
lazyPowerok sweet, so timing works then.00:15
lazyPowerTake a look at this MP, and see if this makes sense to you - as this was the big feature branch they wanted landed pre-store-inclusion. http://bazaar.launchpad.net/~lazypower/charms/trusty/logstash/trunk/revision/4700:16
jrwrenha! ssl00:17
lazyPowerkind of important really :)00:17
jrwrenso... SSL was a reason I went beaver isntead of logstash-forwarder00:17
lazyPower<3 them for contributing that00:17
jrwrenits entirely unimportant if you aren't accepting logs from outside.00:17
jrwrenall the comms from LS to ES are entirely unencrypted.00:18
jrwrenits faux security00:18
jrwrenand much added complexity00:18
jrwrenbut cool that they did it as config.00:18
jrwrenbefore I gave up on it I was considering self signed generation and serving that to LSF on relation get00:19
lazyPowerthere's charmhelpers to take care of SSL generation/consumption00:19
jrwrennice.00:19
lazyPoweryou know about this right?00:19
jrwreni've not seen that part of helpers00:19
lazyPower1 sec, fishing link00:19
jrwrenso far this patch is +1000:20
lazyPowerhttp://bazaar.launchpad.net/~charm-helpers/charm-helpers/devel/files/head:/charmhelpers/contrib/ssl/00:20
jrwrenvery cool.00:22
lazyPowerhttp://bazaar.launchpad.net/~charmers/charms/trusty/nagios/trunk/revision/1200:22
lazyPowerline88 = consuming of that code, and generating self signed certs00:22
lazyPowerer, line88 of upgrade-charm hook00:22
lazyPowerso those may help you moving forward when you need SSL certs00:23
lazyPowerand you can use self-signed certs00:23
lazyPoweri nkow there are many cases where that ignites fire, and causes headaches. Namely when dealing with anything on the consuming end that expects a valid CA Signed SSL certificate00:23
jrwrenyeah, so that works for that use case.00:24
lazyPowerin term so flogstash - you could push to /usr/local/share/ssl/ca-certificates/ and run update-ca-certificates, and the self signed would no longer raise alarms.00:24
lazyPower*push the ca cert00:24
lazyPowerand that could be done w/ base64 encoding over a relationship00:25
jrwrenlogstash-forwarder has a ca config line00:25
lazyPowerso perfect00:25
jrwrenyes, exactly what I was considering00:25
lazyPower\o/00:25
jrwrenbut now I don't need it :p00:25
lazyPoweri find your lack of encryption disturbing ;)00:25
jrwren*shrug*00:25
jrwreni worked at a security company :p00:25
jrwrenit get... complecated.00:26
jrwrenfor example, what do you do when you add more units to the logstash service?00:26
lazyPowerin terms of ssl?00:27
lazyPowerthe way i see it, you have 2 options. hand over all the keys in a peer relationship and install them or 2) go nuts generating keys and do key management00:28
jrwrenyou'll have to do 200:30
jrwrenbecause with 1 your CN no longer matches the address to which you are connecting00:30
lazyPowerfair, i had not thought about CN based rejections. Stinking common name validation00:32
jrwrenso you have to use subject alternative names00:34
jrwrenwhich is not so easy to automate in openssl command lien00:34
jrwrenI would love to see it done :)00:35
jrwrenheck, at that point, someone could write up a very nice "run your own CA" charm :)00:35
jrwrenso all that said, I see great value in both solutions, hence our building of that beaver charm last week.00:37
lazyPowerfair enough - i can see/understand the need to GSD before you tackle the wall00:40
lazyPowerjrwren: i forgot about UOS coming week after the sprint. if we get slammed lets touch base at least and see where we're at in terms of time/exploration.00:50
lazyPowerand with that note, i'm goign to head out for the evening. Cheers o/00:50
jrwrengnight lazyPower travel safely00:51
moqqthis is correct?:  JUJU_DEV_FEATURE_FLAG=actions juju bootstrap01:03
moqqahhhgg. juju destroy-environment appears to leave the vagrant box image in an unusable state. after i destroy the initial environment and try to bootstrap again, i only get “ ERROR juju.cmd supercommand.go:430 cannot initiate replica set: cannot get replica set configuration: cannot get replset config: not authorized for query on local.system.replset”01:05
=== kadams54-away is now known as kadams54
=== kadams54 is now known as kadams54-away
* thumper frowns03:27
thumperwallyworld: you around?03:27
wallyworldyeah03:27
thumperso I'm trying to upgrade my ec2 env03:28
thumperit is currently using 1.20.1403:28
thumpermy client is 1.22.103:28
thumperjuju upgrade-juju says: "no upgrades available"03:28
thumperany idea why?03:28
wallyworldum03:29
wallyworlddo you have a tools-url setting in use?03:30
* thumper looks03:30
wallyworldjust saw this in the code :-(03:30
wallyworld// No tools found and we shouldn't upload any, so if we are not asking for a03:30
wallyworld// major upgrade, pretend there is no more recent version available.03:30
wallyworldwhy oh why03:31
thumperjuju get-env tools-url says nothing03:31
thumper?03:31
wallyworldmight be tools-metadata-url03:31
thumper2015-04-24 03:16:00 DEBUG juju.cmd.juju upgradejuju.go:367 found more recent current version 1.20.1403:31
thumper2015-04-24 03:16:00 INFO juju.cmd cmd.go:113 no upgrades available03:31
wallyworldso that comment was from the upgrade code03:31
thumperthat is from the log03:31
thumperthis is a very vanilla ec2 deploy03:32
thumperI'm wondering why we are telling people there are no upgrades available when there obviously are03:32
wallyworldme too03:33
wallyworldok, what about juju metadata validate-tools (i think)03:33
moqqi’m glad i wasn’t going crazy then03:33
moqqi thought that was strange too03:33
thumperwallyworld: what does the validate tools do?03:34
wallyworldif prints the available tools and where it finds them03:34
wallyworldor more accurately, the tools it would use03:34
thumperhttp://paste.ubuntu.com/10876012/03:34
thumperso... WTF?03:35
wallyworldok so that's good03:35
wallyworldgood in that your client can fin the expected tol03:35
wallyworldtools03:35
wallyworldbad in that it refuses to use them03:35
wallyworldso we can narrow down where to look for the issue03:35
wallyworldi'll read the code a bit to see if anything jumps out03:36
=== scuttlemonkey is now known as scuttle|afk
thumperwallyworld: also, (since I'm not working today) can you file a bug about the help text for upgrade-juju?03:36
thumperwallyworld: it still says minor numbers are dev versions03:36
wallyworldsure03:36
thumperwallyworld: I did 'juju upgrade-juju --version 1.22.1' and it worked03:37
wallyworldhmmm, so the automatic new version selection fails03:38
wallyworldthe relevant comment03:38
wallyworld// No explicitly specified version, so find the version to which we03:38
wallyworld// need to upgrade. If the CLI and agent major versions match, we find03:38
wallyworld// next available stable release to upgrade to by incrementing the03:38
wallyworld// minor version, starting from the current agent version and doing03:38
wallyworld// major.minor+1. If the CLI has a greater major version,03:38
wallyworld// we just use the CLI version as is.03:38
bradmanyone know how you get a charm added to trusty?  bip is currently only in precise, I followed what looked to be the instructions at https://jujucharms.com/docs/stable/authors-charm-store#recommended-charms and filed LP#1401774, but there is literally no movement.03:38
wallyworldbradm: marcoceppi_ would be one person to ask, i have NFI03:39
bradmI filed this bug about 4 months ago now..03:40
bradmmarcoceppi_: can you have a look at LP#1401774 when you're about and have time?  trying to get the bip charm into trusty.03:40
wallyworldthumper: one guess i have quickly looking at the code is that we still seem to expect to only upgrade from x.y to x.y+103:41
wallyworldthat's if we don't specify an explicit version03:42
wallyworldso in your case, it was looking for 1.2103:42
thumperhmm...03:42
wallyworldnot sure why it couldn't find that03:42
wallyworldand anyway, that's wrong03:42
* thumper nods03:42
* thumper goes to make a coffee03:42
wallyworldi'll file a bug03:42
moqqhey i can’t find in the docs anything detailing exactly what ports/routes are needed between the juju client and the rest of the cluster. is it ssh from the client machine to every machine in the cluster?03:47
moqqand what the “tools storage” port 8040 is exactly used for / by whom03:47
wallyworldmoqq: tools storage port is no longer used for new installs03:50
moqqoh excellent03:50
wallyworldthe main port is 17070 used to connect the client to the state servers03:51
wallyworldand ssh03:51
moqqthe 17070 is a mongodb port?03:51
wallyworldthe client can ssh to each node, but it can proxy via the state server i think03:51
moqqah ok03:51
wallyworldno, mongo uses 3701703:52
wallyworldbut only the state server connects to that03:52
moqqokay. and there is only one state server per cluster?03:52
moqqper ‘environment’ *03:52
wallyworldby default, but there is high availability also so a cluster of state servers is supported03:53
moqqah ok03:53
wallyworld1, 3, 5, 7 etc03:53
wallyworldodd numbers because it uses a mongo replicaset03:53
moqqyep03:53
moqqso, to issue commands to an environemnt (like deploy or actions), the machine running the juju client needs only to be able talk the master server(s) via tcp 3701703:53
moqqcorrect?03:53
wallyworld1707003:53
moqqerm*03:54
moqqyes03:54
wallyworldyes03:54
moqqexcellent, thank you03:54
wallyworldsure, np03:54
wallyworldi can't recall if ssh proxy is enabled by default03:54
wallyworldif it is, you can also ssh to worker nodes via the state server also, so 17070 should be all you need the client to connect to03:55
moqqyeah that makes sense. neat03:55
moqqjust curious, what protocol is it carrying over 17070?03:55
wallyworldproxy-ssh is true by default for new environments03:57
wallyworldwebsocket03:57
moqqover https?03:57
wallyworldhttps based03:57
moqqawesome03:57
wallyworldwhen an env is bootstrapped, certs are generated03:57
moqqi saw those in there, that makes sense.03:57
moqqthanks again for the info. getting this into production with a handful of custom charms over the coming week and a half so i will likely have a few more inquiries!03:59
wallyworldmoqq: sure, np. there's more people in #juju-dev so you will have most luck asking in there04:02
wallyworldask any questions and we'll try and help04:02
wallyworldthere's also the mailing list04:02
wallyworldgood luck with the roll out04:02
moqqawesome, thank you04:07
lazyPowerbradm: Updates to trusty are predicated by test inclusion - if you can contribute some amulet tests to the bip charm it would expedite the process04:22
lazyPowerah disregard, i made that statement while still reading backlog and not looking @ the bug04:22
* lazyPower stands in teh corner04:22
bradmlazyPower: ayup.  as far as I can tell there's tests there.  I might need to update the branch from precise trunk since its been filed so long ago04:36
lazyPowerbradm: sorry about that - i dont see it in our RevQ, and id ont know why thats the case04:37
lazyPowerstatus new + linked branch should have pulled it in04:37
bradmlazyPower: I'm planning to rewrite it in services framework, it should be pretty simple04:37
lazyPower:thumbsup: I look forward to seeing that :)04:37
bradmlazyPower: no worries, I couldn't see it in the review queue either, so I finally got time to go looking04:37
bradmlazyPower: I have a couple of thruk charms to throw charmers way once I get tests added04:37
bradmlazyPower: those are all in the services framework04:38
bradmlazyPower: anyway, for the bip charm push up to trusty, if we can get it on someones radar to see whats going on, that'd be awesome.  its not a hugely high priority, bip is kind of my play charm that I push along when I get a chance04:39
=== urulama__ is now known as urulama
jcapelI thought I'd give juju a go on my freshly installed 15.04 server, but juju-quickstart fails. It seems to assume the system is using upstart (it fails on start juju-db)08:14
bloodearnesthmm, can I file/reassign a bug to a specific charm? Seems I can only assign to "charms" project09:09
jamespagemarcoceppi_, hey - how do I see why the charm release yesterday has not ingested into the store?09:19
marcoceppi_jamespage: great question, no idea anymore. If it passes proof it should be ingested. Are you not seeing it in the gui or not deployable?09:20
jamespagemarcoceppi_, https://jujucharms.com/cinder/09:21
jamespagevs the branch on launchpad09:21
marcoceppi_https://store.juju.ubuntu.com/charm-info?charms=cs:trusty/cinder09:21
marcoceppi_seems revision 18 is in the store09:21
marcoceppi_this is a charmstore api thing, you'll need to ping rick_h_ & co to investigate09:22
marcoceppi_jamespage: actually, they do seem to be the same09:23
marcoceppi_so this might be a larger issue09:23
* marcoceppi_ investigates09:24
marcoceppi_jamespage: it seems that what's in lp:~openstack-charmers/charms/trusty/cinder/trunk is in the charmstore proper09:25
marcoceppi_the gui seems to have the same revision, but the revision history is off09:25
marcoceppi_which makes sense, I think the api is mid-transision away from tracking dvcs info09:26
marcoceppi_rick_h_ and the ui team would know more09:26
rick_h_jamespage: marcoceppi_ there's a bug with the new charmstore not getting the up to date changelog and the guys on are it. The charm itself, the readme, etc is all good but it's missing the latest revisions in the changelog.10:54
marcoceppi_rick_h_: that's what it seemed like, I figured we were just going to drop that in a juju publish world11:07
rick_h_marcoceppi_: well our goal will be to try to keep it if we can tell but yea. Might end up being a link to the homepage/etc11:07
marcoceppi_rick_h_: ack, thanks for the clarification11:09
MmikeHey, guys,. I run `juju run --service myservice "someSuperDuperStuff.sh`, and that fails with timeout for some units. But at the same time I'm able to do 'juju ssh myservice/{0,1,2,3...}' with no problem(s)11:18
Mmikehow is juju run implemented, and why whould it time out, how do I start debugging this?11:19
marcoceppi_Mmike: juju run is run as a hook context, so if you have hooks running or is someSuperDuperStuff.sh never exits11:28
marcoceppi_it'll timeout11:28
Mmikemarcoceppi_: aaaa, makes sense!11:43
Mmikemarcoceppi_: thnx! :)11:43
Mmikei do have hooks still running11:43
marcoceppi_Mmike: so the juju run is queued11:48
marcoceppi_Mmike: you'd probalby be interested in actions, which is like run with some structure and async nature11:49
Mmikemarcoceppi_: for now I can really do 'juju ssh' in a for loop11:51
Mmikemarcoceppi_: is there a document(ation) describing how to use juju actions?11:51
marcoceppi_Mmike: yes, there is: https://jujucharms.com/docs/stable/authors-charm-actions11:53
Mmikeoh11:53
Mmikeneat!11:53
Mmikemarcoceppi_++ thnx11:53
urulamajamespage: is this the proper cinder now? https://jujucharms.com/cinder12:08
=== kadams54 is now known as kadams54-away
=== kadams54-away is now known as kadams54
=== scuttle|afk is now known as scuttlemonkey
=== kadams54 is now known as kadams54-away
=== kadams54-away is now known as kadams54
=== kadams54 is now known as kadams54-away
=== kadams54-away is now known as kadams54
=== mattgrif_ is now known as mattgriffin
=== liam_ is now known as Guest67926
=== SR is now known as Guest89666
=== urulama is now known as urulama__
jhobbsHi - is there a way to specify a revision of the launchpad branch for a charm in deployer bundles?17:30
=== kadams54 is now known as kadams54-away
=== kadams54-away is now known as kadams54
=== mattgrif_ is now known as mattgriffin
=== kadams54 is now known as kadams54-away
hatchis there any way to expose a port on a unit from the juju CLI?20:23
jrwrennope20:25
hatchok how about any way to expose a port besides the hook context20:25
hatchdoesn't look like I cna change it from the aws console20:27
jrwrenyeah, you can, edit the security group.20:29
lazyPowerhatch: juju run --service "open-port 80"20:32
lazyPowerAnon hook context == hook context. I use this when developing and i forget to set an open-port statement.20:33
hatchlazyPower: very cool trick! Thanks!20:33
jrwrenbeen looking for that for a year(almost) is it documented?20:33
hatch(not that I could find) heh20:34
hatchwell juju run is20:34
hatchso this is just a really cool technique :)20:34
jrwrenthe key there is that the unit tools path is in PATH when using --service. That is great!20:36
jrwrenbah, its right there in the juju run help. Now I feel stupid.20:38
hatchhaha I didn't even think to try juju run so... :)20:38
lazyPowerTricks of the trade20:39
hatchthanks again lazyPower20:44
lazyPowercheers20:44
=== scuttlemonkey is now known as scuttle|afk
=== kadams54-away is now known as kadams54
=== kadams54 is now known as kadams54-away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!