[00:01] <moqq> is there any timeline on the release of 1.23?
[00:01] <jrwren> i thought it was out?
[00:01] <jrwren> i was wrong.
[00:05] <lazyPower> jrwren: its still in devel ppa, close to release however
[00:05] <lazyPower> moqq: I cannot offer a hard ETA - but its rounding the final phase of Q/A and poking, i would imagine we'll see it land next week
[00:06] <moqq> great, thank you
[00:06] <jrwren> lazyPower: that is what confused me.
[00:06] <lazyPower> jrwren: come at me and my actions bro https://github.com/chuckbutler/docker-charm/commit/e72fd0d5b21071806e661b8c0e548884e26d3f60 ;)
[00:07] <jrwren> lazyPower: why me?
[00:07]  * jrwren runs away
[00:07] <lazyPower> because I like tormenting you when you're around? :D
[00:07] <jrwren> hahaha. fair!
[00:07] <jrwren> lazyPower: you should see some of the terrible things I've done lately :)
[00:07]  * lazyPower eyes narrow
[00:08] <jrwren> lazyPower: foregone logstash-forwarder for beaver, because its easier.
[00:08] <lazyPower> oh yeah?!
[00:08] <lazyPower> bro, we need to talk about logstash server.
[00:08] <lazyPower> I've got a branch thats getting fairly mature, that needs third party eyes
[00:09] <jrwren> lazyPower: we definitely need to talk, because I too have a branch. we need to come together.
[00:09] <lazyPower> are you running my branch for trusty in the UIX prodstack?
[00:09] <lazyPower> or did you fork it and cycle on your own stuff?
[00:09] <jrwren> not yet
[00:09] <jrwren> i forked your branch and hacked it up.
[00:09] <lazyPower> ok, so my thought is this
[00:09] <lazyPower> i just landed a big merge from IS that adds some nice goodies in there
[00:10] <lazyPower> think you can port those to your branch, and we can do a review on tests+polish+actions
[00:10] <jrwren> https://github.com/CanonicalLtd/beaver-charm and https://code.launchpad.net/~evarlast/charms/trusty/logstash/trunk
[00:10] <lazyPower> adn then make a proposal for trusty?
[00:10] <jrwren> I'll take a look.
[00:10] <lazyPower> oh man
[00:10] <lazyPower> you like, neutered half the relations
[00:10] <jrwren> did i?
[00:10] <jrwren> oh yeah.
[00:10] <lazyPower>     major rework. remove ampq and redis, add raw tcp
[00:10] <jrwren> we can put those back.
[00:11] <jrwren> running redis server seems overkill.
[00:11] <lazyPower> just add raw tcp, and block config sections with jinja
[00:11] <lazyPower> well, are you running a 30 node cluster?
[00:11] <jrwren> if gonna use redis, shouldn't i use the redis charm?
[00:11] <lazyPower> 30 node cluster + redis queueing = kinda the reference arch for this stack.
[00:11] <lazyPower> we shoudl be yeah
[00:11] <jrwren> I found no evidence of any reference arch for this stack :)
[00:12] <lazyPower> hate me all you want - i got it from here: http://www.logstashbook.com/
[00:12] <jrwren> hey me too!
[00:12] <lazyPower> <3
[00:12] <jrwren> i got the paper copy
[00:12] <jrwren> I'm really impressed with the typesetting.
[00:12] <jrwren> Its really a pleasure to read.
[00:13] <lazyPower> so anywho - if your charm operates more reliably than the franken-java-monster we have now
[00:13] <lazyPower> lets converge on that - get IS to test it in staging and see how it goes
[00:13] <jrwren> yeah, lets do that.
[00:13] <lazyPower> or OIL actually, they would probably be interested in this as well
[00:13] <jrwren> see also, the warning on page 193 :p
[00:15] <lazyPower> I'm in malta starting Sunday - can you feesably look at this sometime in the next 2 weeks? I'll lend some later-workday-hours to pair
[00:15] <lazyPower> after the malta sprint, and we'll go from there
[00:15] <jrwren> that timing matches us reasonably well.
[00:15] <lazyPower> i got poked by IS to get this thing in the CS sooner rather than later, and i'm doing one of these numbers @_@
[00:15] <jrwren> we are JUST getting this into a std. dev env.
[00:15] <jrwren> another week we may have it into our staging env
[00:15] <lazyPower> ok sweet, so timing works then.
[00:16] <lazyPower> Take a look at this MP, and see if this makes sense to you - as this was the big feature branch they wanted landed pre-store-inclusion. http://bazaar.launchpad.net/~lazypower/charms/trusty/logstash/trunk/revision/47
[00:17] <jrwren> ha! ssl
[00:17] <lazyPower> kind of important really :)
[00:17] <jrwren> so... SSL was a reason I went beaver isntead of logstash-forwarder
[00:17] <lazyPower> <3 them for contributing that
[00:17] <jrwren> its entirely unimportant if you aren't accepting logs from outside.
[00:18] <jrwren> all the comms from LS to ES are entirely unencrypted.
[00:18] <jrwren> its faux security
[00:18] <jrwren> and much added complexity
[00:18] <jrwren> but cool that they did it as config.
[00:19] <jrwren> before I gave up on it I was considering self signed generation and serving that to LSF on relation get
[00:19] <lazyPower> there's charmhelpers to take care of SSL generation/consumption
[00:19] <jrwren> nice.
[00:19] <lazyPower> you know about this right?
[00:19] <jrwren> i've not seen that part of helpers
[00:19] <lazyPower> 1 sec, fishing link
[00:20] <jrwren> so far this patch is +10
[00:20] <lazyPower> http://bazaar.launchpad.net/~charm-helpers/charm-helpers/devel/files/head:/charmhelpers/contrib/ssl/
[00:22] <jrwren> very cool.
[00:22] <lazyPower> http://bazaar.launchpad.net/~charmers/charms/trusty/nagios/trunk/revision/12
[00:22] <lazyPower> line88 = consuming of that code, and generating self signed certs
[00:22] <lazyPower> er, line88 of upgrade-charm hook
[00:23] <lazyPower> so those may help you moving forward when you need SSL certs
[00:23] <lazyPower> and you can use self-signed certs
[00:23] <lazyPower> i nkow there are many cases where that ignites fire, and causes headaches. Namely when dealing with anything on the consuming end that expects a valid CA Signed SSL certificate
[00:24] <jrwren> yeah, so that works for that use case.
[00:24] <lazyPower> in term so flogstash - you could push to /usr/local/share/ssl/ca-certificates/ and run update-ca-certificates, and the self signed would no longer raise alarms.
[00:24] <lazyPower> *push the ca cert
[00:25] <lazyPower> and that could be done w/ base64 encoding over a relationship
[00:25] <jrwren> logstash-forwarder has a ca config line
[00:25] <lazyPower> so perfect
[00:25] <jrwren> yes, exactly what I was considering
[00:25] <lazyPower> \o/
[00:25] <jrwren> but now I don't need it :p
[00:25] <lazyPower> i find your lack of encryption disturbing ;)
[00:25] <jrwren> *shrug*
[00:25] <jrwren> i worked at a security company :p
[00:26] <jrwren> it get... complecated.
[00:26] <jrwren> for example, what do you do when you add more units to the logstash service?
[00:27] <lazyPower> in terms of ssl?
[00:28] <lazyPower> the way i see it, you have 2 options. hand over all the keys in a peer relationship and install them or 2) go nuts generating keys and do key management
[00:30] <jrwren> you'll have to do 2
[00:30] <jrwren> because with 1 your CN no longer matches the address to which you are connecting
[00:32] <lazyPower> fair, i had not thought about CN based rejections. Stinking common name validation
[00:34] <jrwren> so you have to use subject alternative names
[00:34] <jrwren> which is not so easy to automate in openssl command lien
[00:35] <jrwren> I would love to see it done :)
[00:35] <jrwren> heck, at that point, someone could write up a very nice "run your own CA" charm :)
[00:37] <jrwren> so all that said, I see great value in both solutions, hence our building of that beaver charm last week.
[00:40] <lazyPower> fair enough - i can see/understand the need to GSD before you tackle the wall
[00:50] <lazyPower> jrwren: i forgot about UOS coming week after the sprint. if we get slammed lets touch base at least and see where we're at in terms of time/exploration.
[00:50] <lazyPower> and with that note, i'm goign to head out for the evening. Cheers o/
[00:51] <jrwren> gnight lazyPower travel safely
[01:03] <moqq> this is correct?:  JUJU_DEV_FEATURE_FLAG=actions juju bootstrap
[01:05] <moqq> ahhhgg. juju destroy-environment appears to leave the vagrant box image in an unusable state. after i destroy the initial environment and try to bootstrap again, i only get “ ERROR juju.cmd supercommand.go:430 cannot initiate replica set: cannot get replica set configuration: cannot get replset config: not authorized for query on local.system.replset”
[03:27]  * thumper frowns
[03:27] <thumper> wallyworld: you around?
[03:27] <wallyworld> yeah
[03:28] <thumper> so I'm trying to upgrade my ec2 env
[03:28] <thumper> it is currently using 1.20.14
[03:28] <thumper> my client is 1.22.1
[03:28] <thumper> juju upgrade-juju says: "no upgrades available"
[03:28] <thumper> any idea why?
[03:29] <wallyworld> um
[03:30] <wallyworld> do you have a tools-url setting in use?
[03:30]  * thumper looks
[03:30] <wallyworld> just saw this in the code :-(
[03:30] <wallyworld> 			// No tools found and we shouldn't upload any, so if we are not asking for a
[03:30] <wallyworld> 			// major upgrade, pretend there is no more recent version available.
[03:31] <wallyworld> why oh why
[03:31] <thumper> juju get-env tools-url says nothing
[03:31] <thumper> ?
[03:31] <wallyworld> might be tools-metadata-url
[03:31] <thumper> 2015-04-24 03:16:00 DEBUG juju.cmd.juju upgradejuju.go:367 found more recent current version 1.20.14
[03:31] <thumper> 2015-04-24 03:16:00 INFO juju.cmd cmd.go:113 no upgrades available
[03:31] <wallyworld> so that comment was from the upgrade code
[03:31] <thumper> that is from the log
[03:32] <thumper> this is a very vanilla ec2 deploy
[03:32] <thumper> I'm wondering why we are telling people there are no upgrades available when there obviously are
[03:33] <wallyworld> me too
[03:33] <wallyworld> ok, what about juju metadata validate-tools (i think)
[03:33] <moqq> i’m glad i wasn’t going crazy then
[03:33] <moqq> i thought that was strange too
[03:34] <thumper> wallyworld: what does the validate tools do?
[03:34] <wallyworld> if prints the available tools and where it finds them
[03:34] <wallyworld> or more accurately, the tools it would use
[03:34] <thumper> http://paste.ubuntu.com/10876012/
[03:35] <thumper> so... WTF?
[03:35] <wallyworld> ok so that's good
[03:35] <wallyworld> good in that your client can fin the expected tol
[03:35] <wallyworld> tools
[03:35] <wallyworld> bad in that it refuses to use them
[03:35] <wallyworld> so we can narrow down where to look for the issue
[03:36] <wallyworld> i'll read the code a bit to see if anything jumps out
[03:36] <thumper> wallyworld: also, (since I'm not working today) can you file a bug about the help text for upgrade-juju?
[03:36] <thumper> wallyworld: it still says minor numbers are dev versions
[03:36] <wallyworld> sure
[03:37] <thumper> wallyworld: I did 'juju upgrade-juju --version 1.22.1' and it worked
[03:38] <wallyworld> hmmm, so the automatic new version selection fails
[03:38] <wallyworld> the relevant comment
[03:38] <wallyworld> 		// No explicitly specified version, so find the version to which we
[03:38] <wallyworld> 		// need to upgrade. If the CLI and agent major versions match, we find
[03:38] <wallyworld> 		// next available stable release to upgrade to by incrementing the
[03:38] <wallyworld> 		// minor version, starting from the current agent version and doing
[03:38] <wallyworld> 		// major.minor+1. If the CLI has a greater major version,
[03:38] <wallyworld> 		// we just use the CLI version as is.
[03:38] <bradm> anyone know how you get a charm added to trusty?  bip is currently only in precise, I followed what looked to be the instructions at https://jujucharms.com/docs/stable/authors-charm-store#recommended-charms and filed LP#1401774, but there is literally no movement.
[03:39] <wallyworld> bradm: marcoceppi_ would be one person to ask, i have NFI
[03:40] <bradm> I filed this bug about 4 months ago now..
[03:40] <bradm> marcoceppi_: can you have a look at LP#1401774 when you're about and have time?  trying to get the bip charm into trusty.
[03:41] <wallyworld> thumper: one guess i have quickly looking at the code is that we still seem to expect to only upgrade from x.y to x.y+1
[03:42] <wallyworld> that's if we don't specify an explicit version
[03:42] <wallyworld> so in your case, it was looking for 1.21
[03:42] <thumper> hmm...
[03:42] <wallyworld> not sure why it couldn't find that
[03:42] <wallyworld> and anyway, that's wrong
[03:42]  * thumper nods
[03:42]  * thumper goes to make a coffee
[03:42] <wallyworld> i'll file a bug
[03:47] <moqq> hey i can’t find in the docs anything detailing exactly what ports/routes are needed between the juju client and the rest of the cluster. is it ssh from the client machine to every machine in the cluster?
[03:47] <moqq> and what the “tools storage” port 8040 is exactly used for / by whom
[03:50] <wallyworld> moqq: tools storage port is no longer used for new installs
[03:50] <moqq> oh excellent
[03:51] <wallyworld> the main port is 17070 used to connect the client to the state servers
[03:51] <wallyworld> and ssh
[03:51] <moqq> the 17070 is a mongodb port?
[03:51] <wallyworld> the client can ssh to each node, but it can proxy via the state server i think
[03:51] <moqq> ah ok
[03:52] <wallyworld> no, mongo uses 37017
[03:52] <wallyworld> but only the state server connects to that
[03:52] <moqq> okay. and there is only one state server per cluster?
[03:52] <moqq> per ‘environment’ *
[03:53] <wallyworld> by default, but there is high availability also so a cluster of state servers is supported
[03:53] <moqq> ah ok
[03:53] <wallyworld> 1, 3, 5, 7 etc
[03:53] <wallyworld> odd numbers because it uses a mongo replicaset
[03:53] <moqq> yep
[03:53] <moqq> so, to issue commands to an environemnt (like deploy or actions), the machine running the juju client needs only to be able talk the master server(s) via tcp 37017
[03:53] <moqq> correct?
[03:53] <wallyworld> 17070
[03:54] <moqq> erm*
[03:54] <moqq> yes
[03:54] <wallyworld> yes
[03:54] <moqq> excellent, thank you
[03:54] <wallyworld> sure, np
[03:54] <wallyworld> i can't recall if ssh proxy is enabled by default
[03:55] <wallyworld> if it is, you can also ssh to worker nodes via the state server also, so 17070 should be all you need the client to connect to
[03:55] <moqq> yeah that makes sense. neat
[03:55] <moqq> just curious, what protocol is it carrying over 17070?
[03:57] <wallyworld> proxy-ssh is true by default for new environments
[03:57] <wallyworld> websocket
[03:57] <moqq> over https?
[03:57] <wallyworld> https based
[03:57] <moqq> awesome
[03:57] <wallyworld> when an env is bootstrapped, certs are generated
[03:57] <moqq> i saw those in there, that makes sense.
[03:59] <moqq> thanks again for the info. getting this into production with a handful of custom charms over the coming week and a half so i will likely have a few more inquiries!
[04:02] <wallyworld> moqq: sure, np. there's more people in #juju-dev so you will have most luck asking in there
[04:02] <wallyworld> ask any questions and we'll try and help
[04:02] <wallyworld> there's also the mailing list
[04:02] <wallyworld> good luck with the roll out
[04:07] <moqq> awesome, thank you
[04:22] <lazyPower> bradm: Updates to trusty are predicated by test inclusion - if you can contribute some amulet tests to the bip charm it would expedite the process
[04:22] <lazyPower> ah disregard, i made that statement while still reading backlog and not looking @ the bug
[04:22]  * lazyPower stands in teh corner
[04:36] <bradm> lazyPower: ayup.  as far as I can tell there's tests there.  I might need to update the branch from precise trunk since its been filed so long ago
[04:37] <lazyPower> bradm: sorry about that - i dont see it in our RevQ, and id ont know why thats the case
[04:37] <lazyPower> status new + linked branch should have pulled it in
[04:37] <bradm> lazyPower: I'm planning to rewrite it in services framework, it should be pretty simple
[04:37] <lazyPower> :thumbsup: I look forward to seeing that :)
[04:37] <bradm> lazyPower: no worries, I couldn't see it in the review queue either, so I finally got time to go looking
[04:37] <bradm> lazyPower: I have a couple of thruk charms to throw charmers way once I get tests added
[04:38] <bradm> lazyPower: those are all in the services framework
[04:39] <bradm> lazyPower: anyway, for the bip charm push up to trusty, if we can get it on someones radar to see whats going on, that'd be awesome.  its not a hugely high priority, bip is kind of my play charm that I push along when I get a chance
[08:14] <jcapel> I thought I'd give juju a go on my freshly installed 15.04 server, but juju-quickstart fails. It seems to assume the system is using upstart (it fails on start juju-db)
[09:09] <bloodearnest> hmm, can I file/reassign a bug to a specific charm? Seems I can only assign to "charms" project
[09:19] <jamespage> marcoceppi_, hey - how do I see why the charm release yesterday has not ingested into the store?
[09:20] <marcoceppi_> jamespage: great question, no idea anymore. If it passes proof it should be ingested. Are you not seeing it in the gui or not deployable?
[09:21] <jamespage> marcoceppi_, https://jujucharms.com/cinder/
[09:21] <jamespage> vs the branch on launchpad
[09:21] <marcoceppi_> https://store.juju.ubuntu.com/charm-info?charms=cs:trusty/cinder
[09:21] <marcoceppi_> seems revision 18 is in the store
[09:22] <marcoceppi_> this is a charmstore api thing, you'll need to ping rick_h_ & co to investigate
[09:23] <marcoceppi_> jamespage: actually, they do seem to be the same
[09:23] <marcoceppi_> so this might be a larger issue
[09:24]  * marcoceppi_ investigates
[09:25] <marcoceppi_> jamespage: it seems that what's in lp:~openstack-charmers/charms/trusty/cinder/trunk is in the charmstore proper
[09:25] <marcoceppi_> the gui seems to have the same revision, but the revision history is off
[09:26] <marcoceppi_> which makes sense, I think the api is mid-transision away from tracking dvcs info
[09:26] <marcoceppi_> rick_h_ and the ui team would know more
[10:54] <rick_h_> jamespage: marcoceppi_ there's a bug with the new charmstore not getting the up to date changelog and the guys on are it. The charm itself, the readme, etc is all good but it's missing the latest revisions in the changelog.
[11:07] <marcoceppi_> rick_h_: that's what it seemed like, I figured we were just going to drop that in a juju publish world
[11:07] <rick_h_> marcoceppi_: well our goal will be to try to keep it if we can tell but yea. Might end up being a link to the homepage/etc
[11:09] <marcoceppi_> rick_h_: ack, thanks for the clarification
[11:18] <Mmike> Hey, guys,. I run `juju run --service myservice "someSuperDuperStuff.sh`, and that fails with timeout for some units. But at the same time I'm able to do 'juju ssh myservice/{0,1,2,3...}' with no problem(s)
[11:19] <Mmike> how is juju run implemented, and why whould it time out, how do I start debugging this?
[11:28] <marcoceppi_> Mmike: juju run is run as a hook context, so if you have hooks running or is someSuperDuperStuff.sh never exits
[11:28] <marcoceppi_> it'll timeout
[11:43] <Mmike> marcoceppi_: aaaa, makes sense!
[11:43] <Mmike> marcoceppi_: thnx! :)
[11:43] <Mmike> i do have hooks still running
[11:48] <marcoceppi_> Mmike: so the juju run is queued
[11:49] <marcoceppi_> Mmike: you'd probalby be interested in actions, which is like run with some structure and async nature
[11:51] <Mmike> marcoceppi_: for now I can really do 'juju ssh' in a for loop
[11:51] <Mmike> marcoceppi_: is there a document(ation) describing how to use juju actions?
[11:53] <marcoceppi_> Mmike: yes, there is: https://jujucharms.com/docs/stable/authors-charm-actions
[11:53] <Mmike> oh
[11:53] <Mmike> neat!
[11:53] <Mmike> marcoceppi_++ thnx
[12:08] <urulama> jamespage: is this the proper cinder now? https://jujucharms.com/cinder
[17:30] <jhobbs> Hi - is there a way to specify a revision of the launchpad branch for a charm in deployer bundles?
[20:23] <hatch> is there any way to expose a port on a unit from the juju CLI?
[20:25] <jrwren> nope
[20:25] <hatch> ok how about any way to expose a port besides the hook context
[20:27] <hatch> doesn't look like I cna change it from the aws console
[20:29] <jrwren> yeah, you can, edit the security group.
[20:32] <lazyPower> hatch: juju run --service "open-port 80"
[20:33] <lazyPower> Anon hook context == hook context. I use this when developing and i forget to set an open-port statement.
[20:33] <hatch> lazyPower: very cool trick! Thanks!
[20:33] <jrwren> been looking for that for a year(almost) is it documented?
[20:34] <hatch> (not that I could find) heh
[20:34] <hatch> well juju run is
[20:34] <hatch> so this is just a really cool technique :)
[20:36] <jrwren> the key there is that the unit tools path is in PATH when using --service. That is great!
[20:38] <jrwren> bah, its right there in the juju run help. Now I feel stupid.
[20:38] <hatch> haha I didn't even think to try juju run so... :)
[20:39] <lazyPower> Tricks of the trade
[20:44] <hatch> thanks again lazyPower
[20:44] <lazyPower> cheers