nottrobinAre interfaces a thing of the past? I found this URL on the NFS charm page - http://jujucharms.com/interfaces/mount - which appears to no longer exist.07:10
rts-sanderhey I installed juju-core from ppa:juju/stable but there's no juju command07:24
rts-sanderhad to install juju-1-default, now there's a juju command..07:26
admcleodjcastro: i think thats probably a good idea, ill bring it up today (big data spain)07:56
admcleodjcastro: only problem is it conflicts directly with apachecon07:56
magicaltroutoh it only conflicts with  ApacheCon Core, not ApacheCon Big Data08:00
magicaltroutthat would have been really silly08:00
magicaltrouti'm submitting talks to both and planning a week in the autumn sun ;)08:03
=== ant_ is now known as Guest59427
eeemil_What is the best practise for installing (and later running) an external program from a charm? If, for example, I would like to download source from git and compile it during the install-hook, where should I place the executable? Would it be fine to symlink, "ln -s $GIT_ROOT/bin/program /usr/local/bin"?08:13
magicaltroutgeneral best practice would dictate you compile it prior to charm building I would have thought, sysadmins would cry if you told them you were compiling at install time ;)08:14
magicaltroutother than that, your suggestion seems fine eeemil_08:14
eeemil_Hehe. :) Thanks!08:19
=== eeemil_ is now known as eeemil
eeemilI'm still quite new to Juju, when I try to deploy some units, their public adress (as reported by `juju status`) is a 10.0.0.*-address. Commands such as `juju ssh unitname/0` doesnt work. Are some units supposed to behave this way? If not, what could be wrong?08:46
magicaltroutI don't believe they are supposed to work that way eeemil08:48
magicaltroutdid I spot you are an openstack user? If so, I've never touched it so I could be wrong08:48
magicaltroutbut it sounds unlikely they should be spinning up and unaccessible08:48
eeemilYeah, I'm working on a charm that is supposed to work with openstack. I myself has quite limited experience of the inner workings of openstack, so right now I'm learning about OpenStack and Juju at the same time... :)08:50
magicaltroutyeah I've not touched it before, I prefer a simpler life :)08:50
magicaltroutsee if jamespage et al, are around08:50
magicaltroutthey should be able to help08:50
eeemilHaha ;) Sure!08:51
jamespagemorning folks08:55
jamespageeeemil, are you deploying to an openstack cloud?08:55
jamespageor deploying a openstack cloud?08:55
jamespageeeemil, btw we also have an #openstack-charms channel now as well08:57
eeemilI'm deploying a openstack cloud on aws!09:01
magicaltroutsounds like a cost effective way of getting a cloud.... in a cloud....! ;)09:02
admcleodmagicaltrout: ah good point re the confs09:15
magicaltrouti have many good points09:16
eeemilI heard you like clouds so i put a cloud in your cloud, so you can compute when you compute... I'm just testing stuff out. :)09:30
jamespageionutbalutoiu, hey - I just made some comments on https://review.openstack.org/#/c/33527609:45
jamespageneeds some test case fixes to deal with different mechanism driver configurations between releases.09:45
jamespagedosaboy, hey can you join #openstack-charms pls10:03
jamespageionutbalutoiu, hey can you join #openstack-charms as well pls10:03
jcastroadmcleod: magicaltrout: it might be worth having 2 teams go, one to each show, or an overlap, whatever makes the most sense?11:20
magicaltroutjcastro: ApacheCon Core in Vancouver wasn't anything special, so having Big Data folk go to ApacheCon Big Data and then onto Big Data Spain would probably suffice... who knows11:23
magicaltroutI have Pentaho Europe Community meetup the week before as well, so I'll be doing Antwerp -> Spain -> Spain11:24
magicaltroutI need a bigger suitcase11:24
admcleodjcastro: yeah, basically what magicaltrout said11:27
magicaltroutI have many good points11:27
jcastroare they both in barcelona or different parts of spain?11:28
magicaltroutSeville and BCN11:28
jcastrodang, further than I was expecting11:29
jcastrothat's not a train ride is it?11:29
magicaltroutjust get mark to send his jet11:30
admcleodbigdataspain is in madrid11:30
magicaltroutfair enough, I assumed jcastro knew what he was talking about :P11:30
admcleodmagicaltrout just wants to go to seville11:30
jcastromagicaltro+╡ Seville and BCN11:30
magicaltroutApacheCon is in Seville11:30
magicaltroutBig Data Spain... it in Madrid11:31
magicaltroutjcastro mentioned barcelona first11:31
magicaltroutso I blame him11:31
admcleodhmm.. something is also happening in bcn11:31
admcleodor i thought it was. anyway, madrid to seville is only 2.5 hr11:32
jcastroit sounds like a big data team spanish train tour is in order11:32
magicaltroutwhat are the trains like admcleod ? :)11:33
jcastroI took madrid->caceres by train once and they were awesome11:33
magicaltroutI've not travelled in spain just been for meetups11:34
dosaboyjamespage: sure thing11:40
ionutbalutoiujamespage, thank-you! I will fix them asap. Joined #openstack-charms as well :)12:22
magicaltroutjcastro: http://conf.dato.com/2016/us/agenda_day2/ this one just popped up in my feed. Too late this year but worth keeping an eye out for next year12:32
* jcastro nods12:33
magicaltroutalso Intel are making some efforts to gain traffic in that sector with TAP12:34
magicaltrouthttp://trustedanalytics.org/what-is-tap/ you guys might want to make contact with them to discuss Juju with them12:34
magicaltroutI can tell you who to make contact with12:35
magicaltrout2 mins12:35
magicaltrouthttps://twitter.com/mchmarny find this guy on linkedin or somewhere and ping him12:35
jcastrodang, the installation pages are blank github wiki pages12:36
magicaltroutthe link is borked jcastro12:36
jcastrogot it12:37
jamespageionutbalutoiu, awesome!12:49
neiljerrammbruzek, are you around for another question about etcd/TLS?12:52
mbruzekneiljerram: Yes I am13:01
neiljerrammbruzek, Thanks. I wanted to check my understanding of how client certificates are generated.  IIUC, the etcd leader unit (via layer-tls and tlslib) generates just one client certificate, and hands this out to however many etcd clients connect to it - as opposed to, say, generating a different client certificate for each client that connects.13:03
neiljerrammbruzek, Is that correct?13:04
mbruzekneiljerram: Yes I think for the client certificate that is correct. Each peer (unit of the same charm) generates a certificate signing request (CSR) and the leader/CA signs a server certificate for them.13:05
mbruzekneiljerram: but yeah the client cert/key is only generated once and shared on leader data if I am not mistaken.13:06
neiljerrammbruzek, Thanks. I don't see any problem with that, just wanted to check.13:07
mbruzekneiljerram: OK13:07
neiljerrammbruzek, A detail, though: does this imply that the client cert doesn't need to have a name in it (e.g. hostname) that is specific to each client?  Is that because the etcd/TLS server doesn't check any such field?13:08
* mbruzek is checking the code13:09
mbruzekneiljerram: OK it looks like the client certificate is generated with the CN of the leader server, and the same Subject Alt Names as the leader...13:11
mbruzekBut I thought for some reason that easy rsa omitted the name in the client cert generation13:13
neiljerramUnfortunately I don't have a deployment up right now, so can't confirm that...13:14
mbruzekI am bootstrapping... let me check this out13:14
mbruzekneiljerram: Are you getting a problem with the client cert?13:15
neiljerramNo, not at all - just wanted to fully understand how things are working.13:15
mbruzekneiljerram: I am spinning up an etcd cluster now to verify, you can ask all the questions you wish.13:23
neiljerrammbruzek, I have a cluster on the way up too...13:23
mbruzekneiljerram: This is the client.crt on an etcd cluster. The issuer is always going to be set, but the Subject name is "client"13:30
mbruzekIt looks like the code does set subject alt name to the three things identifying the server: IP Address:, IP Address:, DNS:juju-f9bdca-013:31
mbruzekIt probably doesn't need to do that13:31
neiljerramYes, I see that too.13:31
neiljerramSo presumably, when an etcd client submits its certificate, the server (i.e. etcd master node) is happy with "client" ?13:32
mbruzekThat is my understanding. the same TLS code is used for kubernetes and I have been successful using the client key in kubernetes as well13:33
neiljerramOK, that's great, thanks very much for checking all this.13:34
mbruzekneiljerram: If you have any problems or want us to change they way they are generated:  https://github.com/juju-solutions/layer-tls/issues13:35
neiljerramSure - thanks!13:35
mbruzekneiljerram: I don't think SANS should be set for the client, as this could be used by any client13:35
neiljerrammbruzek, I'm not sure I understand the impact there...13:37
mbruzekneiljerram: We worked hard to get the SANS in the server certificates so they could be referred to by the public and private and dns name. I don't think the client certificate needs that. I don't think there is a problem with them there just not technically correct.13:38
neiljerrammbruzek, Do you mean "not technically correct" because those SANS are names/IPs of the server and not of the client?  If so, I think I understand :-)13:40
mbruzekyes. My understanding of the client certificate is it can be used by any client (like your laptop) and if the SANs are baked in then those addresses are not correct.13:41
mbruzekI don't think they are checked13:41
mbruzekWe were working so hard to get SANs in the sever cert I must have put them everywhere.13:41
mbruzektls is hard13:42
iceyis there a reasonably direct way of accessing all unit IPs of a service in amulet?14:39
marcoceppiicey: loop over the dict?14:41
marcoceppiicey: public or private?14:41
iceymarcoceppi: doesn't really matter, I'm testing something that is outside of Juju's scope but I want to test from amulet14:42
jrwrenicey: x['public-address'] for x in d.sentry[appname] ?14:44
iceyjrwren: thanks, looks like it should do it :)14:44
* marcoceppi recommends doing x.get() to avoid key errors14:52
arosalesmarcoceppi: coreycb: urulama|afk just let me know that there can only be one promulgated charm per user across all series15:02
arosalesso there can't be a promulgated xenial zookeeper under cory and  separate promulgated precise zookeeper under james15:03
arosalesthe issue this really brings up is how we handle upgrades between non-layered and layered charms15:03
mbruzekneiljerram: Still here?15:17
neiljerrammbruzek, Hi, yes.15:17
mbruzekneiljerram: https://github.com/juju-solutions/layer-tls/pull/4015:17
mbruzekneiljerram: Please review and let me know if that is OK with you15:17
neiljerrammbruzek, Sure, will do.15:18
mbruzekI built etcd with that tls layer, everything still worked and there were no SANs in the client certificate.15:18
lazyPowermbruzek - i pruned the layer-tls issue tracker. it looks like we hadn't been in there in a bit, and had closed out an additional 3 bugs15:25
mbruzeklazyPower: I would like your help on one of them15:25
lazyPowersure, whats up?15:26
mbruzeklazyPower: Wasn't there a need to put additional SANs in the leader's cert for ? Or was that an issue on a different layer?15:29
lazyPowermbruzek - we do need to get the SDN address of the unit added to its CSR15:29
mbruzeklazyPower: I need your help on how to do that in a generic way, that sounds like something the tls layer will have to grow support for15:30
lazyPoweri dont think we have any notion of delaying until the SDN probe has completed. we might have to re-tool the sequence of states so the SSL CSR Generation is dependent on the SDN being available first15:30
lazyPowermbruzek - so, i guess there's 2 approaches here. either we delay CSR generation, or we have ot account for and allow charms to update their CSR and re-request a certificate15:31
mbruzeklazyPower: hrmm. that is a problem. I thought the toughest problem would be to have a layer above send additional SANs to the tls layer15:33
lazyPowerwe can use the unitdata module to pass info through the layers, i dont think thats as tough of a nut to crack as getting the sequencing right and not taking 30 minutes to deploy k8s15:34
lazyPowerif we delay on sdn turnup, that'll likely bloat the install time :/15:34
lazyPowerbut there's really no way to know what ip range we've been given until that happens15:35
mbruzekGood point batman, this is a tough riddle.15:35
lazyPowermbruzek - i'm not sure just yet what is the right way to do this... i guess we can "pick a path and revise"15:36
mbruzeklazyPower: we pass in a cidr config parameter for kubernetes. Could we not calculate the SDN address based on the cidr?15:37
lazyPowerthats a huge range we've given it by default15:38
lazyPowerthats a big guess :)15:38
lazyPowermbruzek - i think we're hard coding that address for the api server. Its that or when we spin up, flannel is always getting the exact same response for which cidr to consume.15:39
PrabakaranHello Team, Getting this error http://pastebin.ubuntu.com/18712357/ while bootstrapping the enviroment in Juju 2.0 installation on Ubuntu Trusty Power machine. Please advise.16:21
PrabakaranJuju 2.0 Installation Steps which i have followed is http://pastebin.ubuntu.com/18712502/16:23
rick_h_Prabakaran: Juju 2.0 uses lxd which is in xenial. The devel PPA is not supported with lxd on trusty at this time16:23
rick_h_Prabakaran: ic, you grabbed lxd from backports.16:24
rick_h_seems there's some combo of issue init'ing lxd there. can you specify what version of lxd you have?16:25
PrabakaranHello Kevin, Getting this error http://pastebin.ubuntu.com/18712357/ while bootstrapping the enviroment in Juju 2.0 installation on Ubuntu Trusty Power machine. Juju 2.0 Installation Steps which i have followed is http://pastebin.ubuntu.com/18712502/ . Please advise16:25
Prabakaran<rick_h_> Do u have any command to check lxd version16:27
rick_h_Prabakaran: lxd --version16:29
Prabakaranit is 2.0.316:29
rick_h_Prabakaran: do you get an error message if you run the lxd command manually that might give a hint? From line 5 in the pastebin with your output from bootstrap16:31
PrabakaranI am not getting any error when i am running lxd commands manually.... I am getting this issue while bootstrapping juju16:35
rick_h_Prabakaran: right, but Juju tried to run that command and it failed.16:36
kwmonroePrabakaran: can you paste the logs from  /var/log/lxd/lxd.log and /var/log/lxd/juju-*/*.log?16:36
rick_h_Prabakaran: so I'm wondering if it works correctly by hand or gives more clear messaging than "exit 1"16:36
rick_h_ah, and kwmonroe points out the logs that might be much more useful :)16:36
jobothello, I am trying to push a charm to the store, but "charm login" gives an error ERROR login failed: cannot get user details for .... / When I login to the SSO page, it shows that the charm command has logged in properly though.16:38
PrabakaranLogs are here //paste.ubuntu.com/18713495/16:38
rick_h_jobot: can you run charm whoami ?16:39
PrabakaranError: whoami is not a valid subcommand  usage: charm subcommand    Available subcommands are:     add     build     compose     create     generate     get     getall     help     info     inspect     layers     list     promulgate     proof     pull-source     refresh     review     review-queue     search     subscribers     test     unpromulgate     update     version16:40
rick_h_Prabakaran: sorry, meant jobot there16:40
jobotwhoami gives an error that says i'm not logged in16:40
Prabakarankevin i am seeing lots of logs are in the sub directories16:40
urulama|afkjobot: did you login through jujucharms.com as well?16:42
=== urulama|afk is now known as urulama
PrabakaranSee these logs if it helps16:43
Prabakaranhttp://paste.ubuntu.com/18713849/ http://paste.ubuntu.com/18713851/ http://paste.ubuntu.com/18713852/16:43
rick_h_urulama: ah, might be a "I don't have a record in charmstore" issue?16:43
urulamarick_h_: yes16:43
urulamajobot: so, please login through jujucharms.com first, then use charm login again16:44
jobotok will try thanks16:44
jobot@urulama that worked. thank you guys16:46
rick_h_jobot: what docs were you following? We should update for that case16:46
rick_h_jobot: ty, will go through that and make sure that's in there16:47
cory_fupetevg: https://plus.google.com/events/col2a1aertqj329rjb8tgg314u016:47
cory_fupetevg: (related to https://github.com/juju-solutions/jujubigdata/pull/59)16:47
urulamarick_h_: ok, adding an issue for those docs16:48
kwmonroePrabakaran: still looking.. i have trusty/lxd working on intel, so i'm trying to compare your logs with mine.16:48
petevgcory_fu: cool. I'll make a note to drop in.16:48
PrabakaranIs there a clash between Juju 1.25 which i was installed before in the same machine? Because i uninstalled juju 1.25 which i have installed in the same machine. and tried juju 2.016:50
kwmonroePrabakaran: there shouldn't be a clash.. when you install juju-2.0, it should have made 2.0 the default.  i have both juju-1 and juju-2 installed on my host and they work fine together.17:06
kwmonroePrabakaran: can you verify your user is indeed in the lxd group?  run "id | grep lxd"17:07
kwmonroePrabakaran: it looks like something related to seccomp -- line 132 of http://paste.ubuntu.com/18713851/ says "ERROR    lxc_seccomp - seccomp.c:lxc_seccomp_load:615 - Error loading the seccomp policy"17:09
kwmonroebut i'm not sure what that really means.  anyone else have issues with lxd on trusty?17:09
kwmonroespecifically with failures to bootstrap17:10
kwmonroePrabakaran: can you paste the output of 'lxc-checkconfig'?17:11
lazyPowerkwmonroe - i didn't know we supported lxd provider on trusty. i thought it was wiley +17:14
kwmonroelazyPower: i don't know that we do either, but i know it's working well for me using 14.04.4 (kernel 3.13.0-91-generic) with lxd-2.0.3 and juju2 beta 11.17:17
lazyPoweri suppose it was only a matter of time before the packages got backported17:18
kwmonroeyup yup, trusty-backports ftw17:24
Prabakarankwmonroe .. id | grep lxd  ----> Shows nothing17:37
Prabakaranlxc-checkconfig ----> output is http://pastebin.ubuntu.com/18718695/17:38
kwmonroePrabakaran: woohoo! i think we have an easy fix.. do you see your user listed with 'grep lxd /etc/group'?17:39
Prabakaranhere i have a question..can i install juju 2.0 as a non-root user?17:41
Prabakarani have tried in both the ways17:41
kwmonroeok Prabakaran, try running 'newgrp lxd' as the pll user.. then you should see output from 'id | grep lxd'17:41
kwmonroedunno about juju-2 as non root.. i always install with 'sudo apt install juju-2.0'17:42
Prabakaranhere i am not able to run this command newgrp lxd.. so switched as root17:43
Prabakaranand got this o/p "uid=0(root) gid=121(lxd) groups=0(root),121(lxd)"17:43
MakyoHi folks.  Trying to bootstrap an LXD controller, but running into a problem on 2.0-beta12: http://paste.ubuntu.com/18719911/ Any thoughts on this?17:53
Makyonvm, got it.  Wish the error mentioned --upload-tools :/18:03
lazyPowerMakyo - rockin that not-in-devel-ppa beta release i see :)18:06
kwmonroePrabakaran: were you able to bootstrap with the root user?18:08
MakyolazyPower: GUI dev knows no bounds.18:11
Prabakaranno i am not able to do bootstrap18:11
kwmonroesame error?18:12
Prabakarankwmonroe , yes i am getting same error "ERROR failed to bootstrap model: cannot start bootstrap instance: Error calling 'lxd forkstart juju-f46a2e-0 /var/lib/lxd/containers /var/log/lxd/juju-f46a2e-0/lxc.conf': err='exit status 1'"18:24
kwmonroePrabakaran: anything new in /var/log/lxd/juju-f46a2e-0/*.log?18:25
Prabakarani think logs looks simillar.. anyway see the logs http://paste.ubuntu.com/18722657/ http://paste.ubuntu.com/18722658/ http://paste.ubuntu.com/18722660/18:27
Prabakarankwmonroe i think logs looks simillar.. anyway see the logs http://paste.ubuntu.com/18722657/ http://paste.ubuntu.com/18722658/ http://paste.ubuntu.com/18722660/18:30
Prabakaran<kwmonroe>, If you find any fix on this ...please mail me on the same. And its time for me to sleep.. Thanks :)18:38
kwmonroenp Prabakaran -- have a good night!18:38
jobotHello again. After doing ,"charm push" and/or "charm publish" does the code eventually end up on launchpad?18:56
rick_h_jobot: no, it's disconnected from LP18:57
rick_h_jobot: do your charm dev where you wish, and push to the store when it's ready18:57
lazyPower\o/  its liberating to say that huh rick_h_18:59
=== scuttle|afk is now known as scuttlemonkey
jobotHah ok thanks. But to connect bug reporting, I would still need to forward to something like launchpad?19:06
rick_h_jobot: sure, there's a charm set-bug-url and set-homepage-url I think that lets you set those atrributes19:06
rick_h_jobot: so supply those to where the charm is managed19:07
jobotOk. Lastly, I recall an ingestion cycle from lp to the store. Is that similar for the new method? The charm is not yet searchable19:08
lazyPowerjobot https://jujucharms.com/docs/devel/authors-charm-store - we have a document guiding how the new publishing process works19:09
lazyPowerjobot - any feedback here is appreciated, as its still relatively new documentation, and we may have forgotten something or need to clarify some steps.19:10
jobotOk thanks for your help19:11
=== urulama is now known as urulama|__
lazyPowermbruzek - ping19:44
lazyPowerhave a sec to take a look at this? https://code.launchpad.net/~lazypower/charms/trusty/kibana/dockerbeat-dashboard/+merge/29780419:44
mbruzek25 files of json added? Are these custom files or did you copy them from somewhere?19:49
lazyPowermbruzek - imported from a fork of the beats dashboard repository19:55
=== scuttlemonkey is now known as scuttle|afk
=== redir_sprint is now known as redir
=== freeflying__ is now known as freeflying
jhobbsadmcleod: hi there, any chance you could have a look at https://bugs.launchpad.net/juju-core/+bug/1600054 and see if I'm doing something obviously wrong or unsupported?23:43
mupBug #1600054: Running generate-image twice with separate virt-types overwrites rather than appends <v-pil> <juju-core:New> <https://launchpad.net/bugs/1600054>23:43

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!