[08:58] <jamespage> gnuoy, hows the barbican charm looking?
[08:59] <gnuoy> jamespage, well, from a using layers to build a charm perspective: great! from a functioning service pov: less great
[08:59] <jamespage> gnuoy, packaging issues?
[08:59] <gnuoy>  5 barbican package bugs so far ( http://paste.ubuntu.com/14047472/ )
[08:59] <gnuoy> and even working around those the token from keystone is still be rejected by barbican
[09:01] <gnuoy> jamespage, tbh, I'm conflicted on how much time to spend working on barbican itself as opposed to charm/layers stuff
[09:04] <jamespage> gnuoy, I can have that lot fixed in two shakes of a stick...
[09:04] <gnuoy> jamespage, they are not blocking me, they are easy to work around
[09:04] <jamespage> gnuoy, what's the right way to run barbican then?
[09:06] <gnuoy> jamespage, Using the previous version of barbican (2014.2) the charm works and you can retrieve and store secrets. With the liberty package I'm still trying to get it to work at all
[09:07] <gnuoy> jamespage, https://github.com/cloudkeep/barbican/wiki/Integration-with-Apache2 is what the charm should probably do eventually but right now I'm trying to get it to work at all
[09:32] <jamespage> gnuoy, https://launchpad.net/~james-page/+archive/ubuntu/liberty-testing
[09:32] <jamespage> updates for liberty will appear here once they build
[09:35] <gnuoy> jamespage, fantastic, thanks
[09:54] <jamespage> gnuoy, btw I'd add python-pymysql to the package list for barbican
[09:54] <gnuoy> yep, I wont rely on recommends
[09:56] <jamespage> gnuoy, that's a nice example of release specific behaviour - python-mysqldb -> python-pymysql
[09:57] <jamespage> kilo -> liberty
[10:07] <jamespage> gnuoy, ok prep done for sru as well; once we're ok with my ppa package I'll upload
[10:19] <jamespage> okay all built
[10:19] <jamespage> gnuoy, ^^
[10:20] <gnuoy> jamespage, yep, I'm giving it a spin at the moment, thanks for all your fixes
[10:20] <jamespage> gnuoy, np we'd have todo them anyway for the MIR
[13:23] <gnuoy> jamespage, barbican  charm is now functional with liberty rc1, thanks
[13:24] <jamespage> gnuoy, oooo
[13:24] <jamespage> awesome
[13:50] <icezimm> a quick question, how do I create a database on juju mysql? I've searched but found nothing… is it possible to create only via charms relationships?
[13:51] <rick_h_> icezimm: it's setup to do that automatically on the charm relations.
[13:51] <marcoceppi> icezimm: at the moment, yes. the MySQL charm will only create database schemas when a realtion is made
[13:51] <rick_h_> icezimm: you could juju ssh to it and run normal mysql commands
[13:51] <marcoceppi> icezimm: however, the root password is available if you wish to use it out of band of Juju
[13:51] <icezimm> I understand I can juju ssh mysql/0 then mysql -u root -p `sudo cat …`
[13:51] <icezimm> hummmm
[13:52] <icezimm> so I'd never find how to create using juju heheh
[13:52] <icezimm> thank you very much rick_h_ and marcoceppi :)
[13:52] <rick_h_> icezimm: it might make an interesting juju action to support creating on the fly dbs
[13:52] <marcoceppi> icezimm: well, it's not available yet, but you could add an action to do this
[13:52] <marcoceppi> rick_h_: man, I'm slow today ;)
[13:52] <icezimm> hahahha
[13:52] <icezimm> rick_h_ is fast like bullets flying ;)
[13:52] <rick_h_> marcoceppi: :P
[13:53] <icezimm> just to make sure, you're talking about this:  https://jujucharms.com/docs/1.25/actions right?
[13:54] <Icey> icezimm yes
[13:54] <icezimm> hummm great, I'm new to juju… just started this week, getting used heheh
[13:54] <icezimm> Icey: thank you
[13:55] <marcoceppi> icezimm: yes, so ideally you'd do something like this `juju action do mysql/0 create-db name=<name-you-want>` and it would reply back with all the details you need
[13:55] <marcoceppi> icezimm: welcome!
[13:55] <Icey> marcoceppi another use case for synchronous actions :)
[13:55] <marcoceppi> icezimm: however, someone would have to create that action and add it to the charm
[13:55] <icezimm> I deployed a mysql, but running `juju action defined mysql` as described on documentation shows `No actions defined for mysql`
[13:55] <icezimm> marcoceppi: thank you :)
[13:55] <marcoceppi> icezimm: yeah, so the action doesn't exist yet, someone would have to create it, but that's the mechanism you'd use
[13:55] <icezimm> I mean
[13:56] <icezimm> not the create db action
[13:56] <icezimm> https://jujucharms.com/docs/1.25/actions#action-commands
[13:56] <marcoceppi> icezimm: yes, mysql doesn't have any actions defined at the moment
[13:56] <icezimm> `juju action defined mysql` was supposed to return backup, benchmark, dump, restart… no?
[13:56] <icezimm> hummmm…
[13:57] <marcoceppi> icezimm: hum, maybe
[13:57] <marcoceppi> icezimm: looking at the charm, there are no actions
[13:58] <marcoceppi> icezimm: I see how this is confusing, since the documentatoin says so
[13:58] <icezimm> hahahah no problem
[13:58] <marcoceppi> icezimm: those are theoretical responses, not actually what is reality.
[13:58] <icezimm> i understand
[13:58]  * marcoceppi opens a bug
[13:59] <icezimm> where are you opening so I can follow?
[13:59] <bloodearnest> marcoceppi, hey there. So, I want a charm to use the python cryptography library, which wraps openssl, but trying to figure out how to install in the charms virtualenv
[13:59] <bloodearnest> . The latest charm build does source only wheels, so I can't include in wheelhouse.txt, as it won't install correctly.
[13:59] <marcoceppi> icezimm: https://github.com/juju/docs/issues/759
[13:59] <icezimm> I have a background on debian and puppet… no evaluating ubuntu/autopilot/juju so I'm really lost atm heheheh
[13:59] <icezimm> GH workflow… great!
[14:00] <marcoceppi> icezimm: yeah, most of the Juju stuff is on github, with everything making it's way over slowly
[14:00] <marcoceppi> icezimm: if you have any questions please feel free to let us know here :)
[14:01] <bloodearnest> marcoceppi, Ideally, I'd like to install from archives and use that (to support multiple arch). Is there a way to do that with the charm virtualenv (i.e. include system site packages)
[14:01] <marcoceppi> bloodearnest: the source wheel should be unpacked and installed on the remote unit, you'll just need to make sure openssl-dev, etc are installed
[14:01] <bloodearnest> marcoceppi, ah, k
[14:01] <marcoceppi> bloodearnest: well, no, but you don't need to include it in the wheel at all
[14:01] <marcoceppi> bloodearnest: the wheel is just charms hook deps, tbh
[14:01] <marcoceppi> bloodearnest: you can just, in the method you've wrapped with @hook('install') call out to charmhelpers.fetch.apt_install('yo-pkg')
[14:02] <bloodearnest> marcoceppi, my charm hooks use cryptography to generate a self signed certificate
[14:02] <icezimm> marcoceppi: I'd like to add another provider to juju deploy, could you point me on the direction? a documentation link, github link to code… anything can help ;)
[14:02] <lazypower> bloodearnest - wait
[14:02] <lazypower> bloodearnest - we have a layer to help you with that
[14:02] <marcoceppi> icezimm: I'll dig up some docs, wwitzel3 might be able to help while I look. Providers are written in Golang. Which are you looking to add (for curiosity)
[14:03] <icezimm> hummm great
[14:03] <lazypower> bloodearnest - give this a look and see if its what you're looking for. we have the interface impl for peering, which sets up a CA and does PKI / CSR for a service pool https://github.com/mbruzek/layer-tls
[14:04] <marcoceppi> icezimm: https://github.com/juju/juju/wiki/Implementing-environment-providers
[14:04] <lazypower> https://github.com/mbruzek/interface-tls - and this is the interface repository
[14:04] <icezimm> I found the implementations
[14:04] <icezimm> https://github.com/juju/juju/tree/master/provider/ec2
[14:05] <icezimm> this doc is amazing… thank you very much marcoceppi
[14:05] <wwitzel3> icezimm: don't use ec2 as a reference, use gce https://github.com/juju/juju/tree/master/provider/gce
[14:05] <wwitzel3> icezimm: also hi :)
[14:06] <icezimm> hello wwitzel3!
[14:06] <marcoceppi> icezimm: no worries, you may want to join the juju and juju-devel mailing lists (https://lists.ubuntu.com/mailman/listinfo/juju and https://lists.ubuntu.com/mailman/listinfo/juju-dev) if you haven't already
[14:06] <wwitzel3> icezimm: that overview doc covers most of what you'll need, you should be able to fill in the holes referecing the gce provider. You'll also want to join the juju-devel list as marcoceppi mentioned.
[14:07] <bloodearnest> lazypower, so, that looks like a different tools from what I'm working on. AIUI, it's for distributing a cert between service units, so they can tls there traffic to each other, right?
[14:07] <icezimm> marcoceppi: now I'm in
[14:07] <icezimm> :)
[14:07] <bloodearnest> I'm working on public facing tls certs
[14:07] <bloodearnest> the kind you put in apache
[14:08] <lazypower> bloodearnest: this works for that as well, as they are self signed either way they are going to raise an issue w/ a browser.
[14:08] <lazypower> bloodearnest: and these certs generated here will work in an apache vhost
[14:08] <icezimm> just curiosity, why gce and not ec2? (using deprecated api, code not so clear?)
[14:08] <bloodearnest> lazypower, one particular use case I'm trying to solve is multiple tls certs, doesn't look like this supports that?
[14:08] <marcoceppi> icezimm: the ec2 was one of the first providers we wrote, since then we've gotten better at coding them, so it kind of uses a lot of older, outdated environment designs
[14:09] <icezimm> ahhhh what I suspected heheh
[14:09] <lazypower> bloodearnest: lets hop on a hangout and riff over your use cases
[14:09] <marcoceppi> icezimm: GCE was written against that document so it'll line up better
[14:09] <bloodearnest> lazypower, plus, it git clones easyrsa, which means we can't use it atm
[14:09] <bloodearnest> lazypower, sure
[14:09] <icezimm> my idea is to work on softlayer provider
[14:10] <icezimm> but I know zero of go lang hahah (a good reason to start learning)
[14:10] <icezimm> ;)
[14:10] <lazypower> bloodearnest:  https://plus.google.com/hangouts/_/canonical.com/container-cats
[14:10] <marcoceppi> icezimm: I was under the impression that softlayer was moving to OpenStack?
[14:11] <bloodearnest> 434644
[14:11] <icezimm> marcoceppi: no
[14:12] <icezimm> ibm acquired blue box to provide "openstack as a service" for hybrid workloads
[14:12] <icezimm> but softlayer public cloud has its own api, and no intention to change on near future (afaik)
[14:13] <marcoceppi> icezimm: ah, that's where I'm confused. Well it looks like there's a few golang softlayer APIs already, so at least that work is already done
[14:13] <icezimm> I'm the maintainer for fog-softlayer and have my own softlayer client… but in ruby hahah
[14:14] <marcoceppi> icezimm: awesome!
[14:14] <icezimm> at least I'm very used to the api
[14:15] <marcoceppi> icezimm: yeah, so you only just need to wrap your head around golang and marry the two ;)
[14:15] <icezimm> yeah hahah
[14:16] <icezimm> https://github.com/sudorandom/softlayer-go
[14:16] <icezimm> sudorandom is softlayer staff
[14:16] <icezimm> I'm gonna check this, play a little then check how to marry with juju heheh
[14:17] <marcoceppi> icezimm: awesome, well if you have any questions or need help, feel free to ping in here!
[14:17] <icezimm> awesome.. thank you very much
[14:18] <icezimm> too many information/new stuff, need to study and learn a little bit more to come with new questions… hehehe
[14:18] <icezimm> marcoceppi rick_h_ wwitzel3 lazypower thank you for the help
[14:18] <bloodearnest> lazypower, lp:~bloodearnest/charms/trusty/x509-cert
[14:19] <icezimm> lazypower: I work arounded in the network problem
[14:19] <icezimm> but juju is still only configuring and up the private network on machines
[14:20] <icezimm> going lunch… brb
[14:24] <marcoceppi> cory_fu kwmonroe admcleod1 bigdata-devs apache-hadoop-plugin, that's just a charm we created, it's not really a apache/hadoop service, right?
[14:25] <cory_fu> Correct
[14:25] <admcleod1> right
[14:25] <marcoceppi> cool, thanks guys
[14:25] <cory_fu> Why do you ask?
[14:25] <marcoceppi> cory_fu: I'm documenting the benchmarking in apache-hadoop-plugin and am trying to get a description for it
[14:26] <cory_fu> marcoceppi: Also, we're going to be phasing it out with the conversion to layers, because layers provide a better solution to the problem it was addressing
[14:26] <cory_fu> Though that does mean we'll need a new home for the benchmark actions, hrm.
[14:26] <admcleod> client
[14:27] <marcoceppi> cory_fu: http://8e421f99.ngrok.io/benchmarks/#apache-hadoop-plugin that's fine, I'm just trying to fill this in like the other examples
[14:27] <cory_fu> admcleod: Yeah, probably.  Though I could also see them living on ResourceManager
[14:27] <marcoceppi> cory_fu: we can updtae the page when it finds a new home
[14:27] <admcleod> cory_fu: hm yes that would be better actually, that is more intuitive
[14:27] <marcoceppi> cory_fu admcleod I'd also love to put spark-bench on here :)
[14:29] <cory_fu> marcoceppi: "Apache Hadoop Plugin subordinate is provides both a connection point for the Apache Hadoop cluster as well as installation and management of the Apache Hadoop libraries and configuration for its principal service."
[14:30] <cory_fu> s/is//
[14:30] <marcoceppi> cory_fu: awesome, thanks!
[14:30] <marcoceppi> way better than what I was cobbling together
[14:30] <cory_fu> :)
[14:36] <bloodearnest> lazypower, https://github.com/bloodearnest/plugins/tree/juju-local-dns
[14:54] <Muntaner> hello to everyone!
[14:54] <Muntaner> I had a juju bootstraped openstack environment, amazingly working.
[14:54] <icezimm> Muntaner: I know how is this sensation… just got mine working today ;)
[14:55] <Muntaner> I bootstraped it from my laptop, and I cloud do "juju status", "juju deploy" and so on without problems. By the way, I was forced to format my laptop... now I don't have an ubuntu distro anymore, and I need to "talk" with the juju client with that environment another time
[14:55] <Muntaner> I backupped all the .juju folder - with all the ssh stuff, .jenv and so on - in order to do this on another VM which runs an Ubuntu distro
[14:56] <Muntaner> what should I do? simply install the juju client on this new virtual machine and then copy the .juju folder content which I backupped and should I see the environment again?
[14:57] <icezimm> about networking with juju, I have a MAAS with eth0 192.168.0.0/24 (public unmanaged) and eth1 10.1.1.0/24 (private managed), when deploy a new node it configures the private network and juju-br0 on eth1, but I can access my services because they should be accessible via eth0 and juju is not handling it… is it ok?
[15:13] <marcoceppi> Muntaner: basically
[15:17] <lazypower> Icey https://github.com/juju-solutions/charms.reactive/issues/32
[15:18] <lazypower> Muntaner: the .juju directory is portable, so you should be able to just drop that in on any system, osx, ubuntu, et-al. and it should "just work"
[15:19] <Muntaner> lazypower, great!
[15:19] <Muntaner> you gave me a great new
[18:38] <icezimm> I got landscape server running, but juju is exposing the service via my private network interface hahaha
[18:39] <icezimm> any suggestion on how handle to expose or via both, or via public one?
[18:53] <lazypower> dpb1 - ^
[18:56] <dpb1> lazypower: you would probably know more than me there. :(
[18:56] <lazypower> last i saw the landscape server doesn't bind to any specific ip
[18:58] <lazypower> icezimm: did you juju expose the servie?
[18:58] <lazypower> *service
[19:12] <icezimm> lazypower: no… I'm following the instructions
[19:12] <icezimm> theres nothing about exposing heheh
[19:12] <icezimm> lazypower: you can see my juju status
[19:12] <icezimm> https://gist.github.com/fernandes/71e36bb897d348b2f0b1
[19:13] <icezimm> exposed: false
[19:13] <icezimm> hummmm
[19:13] <icezimm> makes sense
[19:13] <icezimm> its not exposed
[19:13] <lazypower> icezimm: yeah, def juju expose landscape
[19:13] <lazypower> then give it a go
[19:17] <icezimm> lazypower: should I expose landscape-server or haproxy?
[19:18] <lazypower> icezimm: haproxy
[19:18] <lazypower> sorry this is off the cuff, i haven't looked @ the status output
[19:18] <lazypower> but iirc, landscape runs behind haproxy so you can scale it
[19:18] <icezimm> yeah
[19:18] <icezimm> here we go
[19:19] <icezimm> now I have haproxy as exposed
[19:19] <icezimm> but still public-address: 10.1.1.110 is what maas provided from its dhcp (private network)
[19:19] <icezimm> I entered on machine-0 and enabled eth0 (public network)
[19:20] <lazypower> icezimm: i'm headed out for lunch, i can help troubleshoot in an hour when i get back.
[19:20] <icezimm> but I think juju-br0 that connect to containers is only set on private
[19:20] <icezimm> lazypower: perfect… I do really appreciate, enjoy your lunch ;)
[19:20] <lazypower> well, juju-br0 isn't accessable outside the host unless the newer networking code landed
[19:21] <lazypower> i know that dimitern has done work here, and i'm sketchy on the details of whats landed and what hasnt
[19:21] <icezimm> no problem, atm I put a ethernet cable from my machine to private switch (nasty work around hahahaha)
[19:21] <lazypower> but container networking, if its still in the state that i last checked, is only accessable on the host unless you use some SDN charm(s) to modify that. if the HAProxy node is deployed on a principal unit, and not a container, that is co-located with landscape, connectivity shouldn't be an issue.
[19:21] <icezimm> I can work next hour while you lunch… I'm pretty well
[19:22] <lazypower> sounds good icezimm, see you in a bit o/
[19:22] <icezimm> thank you! \o
[19:28] <cory_fu> Question for anyone.  The way reactive decorators work, @when(true, true) fires, but @when(true, false) and of course @when(false, false) do not.  @when_not(true, true) clearly should not fire, and @when_not(false, false) clearly should.  What do you expect @when_not(true, false) to do?
[19:29] <jhobbs> when_all and when_not_all would be clearer
[19:30] <jhobbs> maybe :)
[19:32] <jhobbs> python has all() and any(), and you can negate those. that makes sense.  when_all(), when_any(), when_not_all() and when_not_any(). when just when_not() there isn't enough information
[19:32] <cory_fu> So you would expect @when_not(true, false) to fire, because at least one is false?
[19:33] <jhobbs> i would have to look it up
[19:33] <mbruzek> tvansteenburgh: is there a way to find the leader in Amulet code?
[20:11] <marcoceppi> icezimm: I think you need to enable a new feature, let me check
[20:11] <marcoceppi> icezimm: since you're on MAAS, expose has no real affect since MAAs doesn't have a firewaller
[20:13] <icezimm> hummm interesting
[20:13] <icezimm> expose if just a iptables accept?
[20:13] <icezimm> expose is just like a iptables accept?
[20:14] <marcoceppi> icezimm: yes, but we don't use local iptables, instead we use the providers firewaller, ie security groups
[20:15] <marcoceppi> icezimm: I think you need to enable a special networking feature for MAAS which makes containers addressable
[20:17] <marcoceppi> icezimm: yeah, it's "EXPERIMENTAL" in 1.25, but check out the 1.25.0 section here https://jujucharms.com/docs/devel/reference-release-notes specifically "Support "devices" on MAAS 1.8+"
[20:17] <marcoceppi> icezimm: that's what you need
[20:37] <lazypower> marcoceppi: ta, i was looking for that and didn't find it
[20:56] <jrwren> mbruzek: thanks for the merge.
[20:57] <mbruzek> jrwren: Yeah it was a net gain, but the tests still appear to suffer from race conditions
[20:58] <jrwren> mbruzek: indeed. I never set out to fix that or any of those tests ;_;
[20:59] <tvansteenburgh> mbruzek: re amulet and leadership, not directly, although it would be a simple add. for now you could use something like this http://paste.ubuntu.com/14056416/
[20:59] <tvansteenburgh> (not tested)
[20:59] <mbruzek> tvansteenburgh: thank you
[21:02] <icezimm> marcoceppi lazypower interesting…I'm gonna try this
[21:02] <icezimm> a little question… if I order bare metal machines on a provider, they have static ip address, is it possible to use under maas?
[21:03] <icezimm> wondering because on this container stuff I need to add a subnet routable to vlan on maas, so I can access the containers
[21:04] <icezimm> but thanks for pointing me in this direction, I can make more tests here
[21:04] <icezimm> and btw, now I'm running openstack :) amazing!
[21:13] <marcoceppi> icezimm: not sure about the baremetal providers, you "should" be able to, but I think you'll still need them to set up a vlan, it might be easier to instead use the "manual" provider which would allow you to just "add" machines to juju by doing `juju add-machine ssh:user@ip` and then you can deploy to that machine
[21:13] <marcoceppi> icezimm: also, not sure where you're located, but we're having a Juju Charmer Summit the first week of February where a bunch of us, the community, and core developers will be http://summit.juju.solutions/ registration is free and is colocated with FOSDEM and cfgmgmtcamp
[21:14] <marcoceppi> icezimm: here's the Manual Provider: https://jujucharms.com/docs/stable/config-manual
[21:15] <marcoceppi> icezimm: ie: juju bootstrap -e manual; juju add-machine ssh:user@machine; juju deploy mysql --to lxc:1; since the user@machine will now be machine 1
[21:15] <marcoceppi> not nearly as smooth as using a cloud provider, but it allows you to use "any old host" and as many or little servers as you want
[21:42] <ancaemanuel> Hi
[21:43] <marcoceppi> ancaemanuel hello, welcome!
[21:43] <ancaemanuel> do you have any plan for the next version of go ?
[21:43] <marcoceppi> ancaemanuel: great question, I know we're discussing moving to 1.5 of golang, but there are some considerations there
[21:43] <ancaemanuel> like an ppa for testing ?
[21:44] <marcoceppi> ancaemanuel: was there anything in particular you were looking for?
[21:44] <ancaemanuel> go 1.6 beta 1 will be released tomorrow, https://groups.google.com/forum/#!topic/golang-dev/6Ga5o2Ao2WM
[21:46] <marcoceppi> ancaemanuel: I don't think we're tracking that at all, so juju is being targeted for the golang version in Xenial, which is 1.5
[21:46] <ancaemanuel> it will be nice to test it and report bugs, if any
[21:46] <marcoceppi> ancaemanuel: well, we're not really responsible for golang packaging, I imagine someone will upload it somewhere though
[22:09] <ancaemanuel> then who is responsible ? Michael Hudson-Doyle ?
[22:18] <ancaemanuel> ok, I found him on twitter: https://twitter.com/ancaemanuel7/status/677250522701778945
[22:34] <marcoceppi> ancaemanuel: yeah, we really just make use of golang, but we target whatever is in the stable LTS for Ubuntu, not really bleeding edge