/srv/irclogs.ubuntu.com/2016/08/09/#juju.txt

bjf	i'm trying to bootstrap a juju 2.0 controller behind a firewall. how do i specify a proxy to use?	00:32
bjf	the bootstrap is stuck trying to get the tools (i think)	00:53
thumper	bjf: there is config for proxies, http_proxy, https_proxy, ftp_proxy no_proxy	01:03
thumper	etc	01:03
thumper	also apt_http_proxy	01:03
* thumper looks for docs		01:03
thumper	bjf: https://jujucharms.com/docs/2.0/juju-misc#configure-proxy-access	01:04
bjf	thumper, juju 2.0 doesn't recognize "juju set-env"	01:19
bjf	thumper, if i set that in the environments.yaml file do i set it under "environments:" or under the next level "maas:" ?	01:23
=== wolverin_ is now known as wolverineav_
=== natefinch-afk is now known as natefinch
thumper	bjf: set-model now	02:10
thumper	bjf: also there is no environments.yaml for 2.0 now	02:10
thumper	bjf: but clouds, accounts etc	02:10
bjf	thumper: so that doc is pretty much completely wrong :-)	02:10
thumper	wallyworld: do you know where the docs are now?	02:10
thumper	bjf: damn...	02:11
bjf	thumper, meh, it's fast moving .. i'm sure it will get fixed up	02:12
bjf	thumper, so, i have a fairly recent 2.0 install on this system, never a 1.x and yet there is a .juju/environments.yaml file	02:13
thumper	hmm...	02:13
thumper	weird	02:13
bjf	thumper, there is no set-model either	02:14
* thumper looks		02:14
thumper	set-model-config	02:14
thumper	`juju help commands` is helpful	02:14
bjf	thumper, ok, lots more there than i thought	02:15
bjf	thumper, that can only be used after i already have a controller	02:16
thumper	bjf: look at `juju help bootstrap`	02:16
thumper	you need to pass in some config yaml	02:17
bjf	thumper, and that config.yaml can just be name=value pairs?	02:17
thumper	look like --config=somefile.yaml works	02:18
thumper	and in there you have you keys and values, like:	02:18
thumper	default-series: xenial	02:18
thumper	apt-http-proxy: http://10.250.171.1:8000	02:18
thumper	etc	02:18
bjf	thumper, ack, thanks, will give is a try	02:18
thumper	kk	02:18
thumper	let us know how it goes	02:18
bjf	will do	02:19
bjf	bootstrapping .. will take a while	02:20
bjf	thumper, i must not have it right. it's been sitting at "Fetching tools" for some time	03:02
bjf	my config file:	03:02
bjf	$ cat juju-bootstrap-config.yaml	03:02
bjf	http-proxy: http://squid.internal:3128	03:02
bjf	https-proxy: http://squid.internal:3128	03:02
bjf		03:02
bjf	the command line: juju bootstrap kernel-controller kernel --constraints tags=juju-controller --debug --config=~/juju-bootstrap-config.yaml	03:03
thumper	hmm....	03:05
thumper	wallyworld: thoughts ^^^^?	03:05
wallyworld	um	03:06
bjf	thumper, ok, may be my problem	03:07
wallyworld	looks ok, assuming there's a custom cloud called kernel	03:07
wallyworld	if the proxies are not working as expected, then tools will not be fetched	03:07
bjf	wallyworld, thumper yeah, i think i don't have the proxy right .. debugging	03:09
bjf	thumper, wallyworld thanks for the help. got it bootstrapped. had nothing to do with the proxy, maas config issue i hadn't noticed before	03:50
thumper	bjf: sweet	03:50
wallyworld	great	03:51
=== jamespag` is now known as jamespage
kjackal	Hello Juju World!	08:43
babbageclunk	Morning!	08:43
=== mwhudson_ is now known as mwhudson
lazyPower	Mornin #juju o/	13:19
magicaltrout	ahoyu	13:20
magicaltrout	-u	13:20
lazyPower	ohaiyu magicaltrout	13:20
lazyPower	speaking of... We still need to do that sync	13:21
magicaltrout	yeah we do	13:21
magicaltrout	next week would actually be good because i'll be post op eye surgery and pretty incapacitated but with a bunch of spare time for talking	13:21
lazyPower	oh!	13:23
lazyPower	i scheduled for friday, any specific day next week? I'm happy to move	13:23
magicaltrout	yeah friday is actually op day, so that wont be happening ;)	13:23
magicaltrout	tuesday or wednesday would be good	13:23
lazyPower	lol! how dare you take care of yourself	13:23
lazyPower	same approx time work? I wanted to catch the UK/US overlap as best i could	13:23
magicaltrout	3pm UK would suit	13:24
lazyPower	Updated for Tuesday, 8/16	13:26
lazyPower	thanks tom :)	13:26
magicaltrout	no probs	13:26
magicaltrout	should be good	13:27
lazyPower	just lmk if you need to resched. eye surgery... oi	13:27
lazyPower	i've thought about going down that path to get rid of the spectacles... i'm still iffy about having someone cut on my eye	13:27
magicaltrout	should be 5 days unable to see properly cause i have to wear pretective contacts post op because of a thin cornea or something	13:28
magicaltrout	so i have a bit more recovery time and annoyance, but should be good to get rid of the glasses	13:28
lazyPower	I'm going to live vicariously through you, and then goad myself into doing the same	13:28
magicaltrout	they said the op takes about 30 seconds an eye?!	13:29
lazyPower	assuming you dont grow eye gremlins	13:29
lazyPower	if you grow eye gremlins all bets are off	13:29
magicaltrout	lol	13:29
magicaltrout	yeah well i might go blind	13:29
magicaltrout	you never know	13:29
lazyPower	i sincerely hope thats not the case	13:29
magicaltrout	hehe	13:29
lazyPower	i'm sure you'd pick up TTD pretty quick, but i digress	13:29
lazyPower	i'd rather not test the state of accessability in the world	13:30
magicaltrout	well everyuone i spoke to have said it was the best thing they've had done	13:30
magicaltrout	so I figured what the heck	13:30
lazyPower	Looking forward to derailing the meeting over the download from the experience :)	13:31
lazyPower	#destroyallmeetings	13:32
magicaltrout	hehe	13:32
magicaltrout	dynamic UID and GID on containers where root access isn't allowed	14:29
magicaltrout	in docker	14:29
magicaltrout	what a bloody hack	14:29
lazyPower	yup	14:29
lazyPower	the new security paradigm in docker confuses me	14:29
magicaltrout	we have a bunch of NFS backed containers and the UID/GID for dev/staging/prod have to be different which is fair enough, so I had a semi hack with gosu in place	14:31
magicaltrout	but that doesn't stop exec /bin/bash giving you a root shell	14:31
magicaltrout	which makes security folks sad	14:31
magicaltrout	admittedly the person would already have broken into your host, but thats beside the point	14:32
magicaltrout	so now I have a hack that creates a user in the docker file, does its stuff, then in the entrypoint sudo's(sadface) modifies itself to set the new UID/GID, chowns a bunch of stuff then removes its own root access.....	14:33
lazyPower	https://www.minio.io/ -- neat	14:39
D4RKS1D3	Hi people, we have in juju some funny command to change the public ip in one charm?	15:17
lazyPower	D4RKS1D3 - not sure what you mean by "some funny command ot change the public ip"	15:39
lazyPower	are you asking if you can change the units public-address?	15:40
D4RKS1D3	yes lazyPower	15:40
lazyPower	D4RKS1D3 - i may be incorrect, but as i understand it, the public-address is auto-discovered by the agent, and is fed by metadata from your cloud. You could reasonably remote into the unit and manually change this in the agent config, but i dont know that I would advise doing that, as i'm not sure what unintended side effects it may have	15:41
lazyPower	D4RKS1D3 i do believe that our openstack provider has the notion of a floating ip. and I would urge you to mail the list about that	15:41
D4RKS1D3	I have my lxc working to run openstack	15:42
D4RKS1D3	I mean this lxc public ip	15:42
D4RKS1D3	these*	15:42
balloons	rogpeppe, any concerns with migrating https://launchpad.net/gnuflag over to using git instead of bzr? I'm asking because we're encountering a bzr issue trying to build a juju snap using launchpad.	16:22
balloons	rogpeppe, you can see the details here: https://launchpadlibrarian.net/277983664/buildlog_snap_ubuntu_xenial_amd64_juju_BUILDING.txt.gz	16:22
rogpeppe	balloons: is that the only remaining bzr dependency?	16:22
balloons	rogpeppe, if godeps could pull from a git source we would be a-ok. It's one of 2 remaining bzr depends. Interestingly enough the other is tomb, which I think could be updated to point to the git repo	16:23
balloons	so, it may very well be the only one	16:23
balloons	rogpeppe, it's interesting you still need a fork for the package after all these years	16:28
rogpeppe	balloons: i'll take a look. i don't think there'll be any problem moving gnuflag.	16:28
balloons	rogpeppe, awesome. I'm happy to make the change in the dependencies.tsv and do a PR once it's done, or you can propose	16:29
rogpeppe	balloons: sure	16:29
rogpeppe	balloons: and it looks like we could move the tomb dep to gopkg.in/tomb.v1 without probs too	16:30
rogpeppe	balloons: i've created https://github.com/juju/gnuflag	16:47
rogpeppe	balloons: have fun :)	16:47
balloons	rogpeppe, ty! :-)	16:48
=== frankban is now known as frankban\|afk
beisner	tvansteenburgh, got a bit of a hot one here. seeing test leaks (false passes) over this guy: https://github.com/juju-solutions/bundletester/issues/54	19:49
beisner	and a patch to accompany: https://github.com/juju-solutions/bundletester/pull/55	19:49
tvansteenburgh	beisner: merged	19:51
beisner	tvansteenburgh, thx sir	19:53
x58	wg 15	19:59
bdx	kwmonroe: I'm going to be charming up a few grails apps over the next few days/weeks	20:09
bdx	kwmonroe: I'll be making use of openjdk charm quite a bit it looks like :-)	20:10
lazyPower	bdx - how did your ES/Kibana deployment go? get them all charm upgraded?	20:11
bdx	errr .. making use of the openjdk *layer	20:11
magicaltrout	don't trust anything written by a texan	20:12
bjf	https://jujucharms.com/docs/2.0/authors-charm-writing seems to be completely out of date for JuJu 2.0 .. can anyone point me at more up-to-date docs for writing my first charm?	20:13
bdx	lazyPower: I barked up that tree for a while ... the app is being sold to a customer .... our project managers don't think it makes sense for our devs to spend cycles there I guess	20:13
bdx	at least I tried	20:13
bdx	:-(	20:13
lazyPower	bjf - wow you found a really crutfy doc, have a look here	20:14
lazyPower	https://jujucharms.com/docs/2.0/developer-getting-started	20:14
bdx	magicaltrout: are you tex-ist?	20:14
magicaltrout	bjf: https://jujucharms.com/docs/2.0/authors-charm-building	20:14
kwmonroe	cool bdx!! let me know if you run into things that you'd like. eg, we could make jvm params configurable and pass them on the relation.. so charms that required java could do @when(java.ready), function start_me_up(), java {java.get_tuning} myJar	20:14
lazyPower	bdx - no worries :) was just curious since we spent some time troubleshooting a really ancient tutorial	20:14
lazyPower	er, s/tutorial/installation	20:14
magicaltrout	no bdx just kwmonroe-ist ;)	20:14
bjf	lazyPower, magicaltrout thanks	20:14
lazyPower	magicaltrout - stop linking to the author docs, they're basically deprecated at this point.	20:15
lazyPower	bjf - feedback / bugs / et-al welcome on the developer guide	20:15
lazyPower	bjf - if you do enounter any head scratchers - https://github.com/juju/docs/issues	20:15
magicaltrout	lazyPower: i just googled charm layer writing	20:15
magicaltrout	and that was top	20:15
magicaltrout	surely that one can't be that out of date	20:15
lazyPower	i cannot change google :( i'm sadly not a panda	20:15
bdx	magicaltrout: hes going to get you for that one	20:15
bdx	like the boogieman	20:16
magicaltrout	at a scan it looks current lazyPower what am I missing?	20:16
lazyPower	magicaltrout - it sure can, the author docs were the developer guide before we went through and re-wrote them as the dev guide. THey linger for purposes unknown to me	20:16
magicaltrout	bdx: he's too lazy to get any body	20:16
bjf	magicaltrout, i got that by googleing "juju charm tutorial"	20:16
kwmonroe	i feel like i should get somebody.. but i'm just gonna stay on the couch instead.	20:17
magicaltrout	lazyPower: you say that but	20:17
magicaltrout	https://jujucharms.com/docs/2.0/developer-layers	20:17
magicaltrout	then you click on the Getting started link at the bottom	20:17
magicaltrout	and it 404s :)	20:17
lazyPower	because it has a hard coded /devel link in there	20:18
* lazyPower sighs		20:18
* lazyPower resigns		20:18
magicaltrout	hehe	20:19
kwmonroe	heh	20:19
magicaltrout	adios lazyPower ! ;)	20:19
kwmonroe	noooooes	20:19
magicaltrout	got my talk switched so i'm not clashing now lazyPower	20:19
magicaltrout	amsterdam on the 31st	20:19
magicaltrout	london on the 1st	20:19
magicaltrout	eye op on the 12th	20:19
magicaltrout	what could go wrong?! ;)	20:20
lazyPower	you could remind me that we have more work to do in the docs thanks to decisions that were made outside of anyone else knowing?	20:20
lazyPower	some cowboy out there owes us an explanation	20:20
magicaltrout	don't forget you have more work to do on the docs due to decisions that were made outside of anyone else knowing	20:20
magicaltrout	I think som cowbory out there owes you an explanation	20:21
magicaltrout	kwmonroe: ?	20:21
* lazyPower sets off explosions and walks away		20:21
lazyPower	cool guys never watch the explosion	20:21
magicaltrout	hehe	20:21
lazyPower	they're too busy walking away from it	20:21
magicaltrout	it've seen that in films	20:21
magicaltrout	so it must be true	20:21
kwmonroe	anyone know how to rewrite jujucharms.com/docs commit history? asking for a friend.	20:22
magicaltrout	hehe	20:22
magicaltrout	here you go if you want to see a treat http://pastebin.com/F7mP83AB	20:22
magicaltrout	the biggest hack ever to get the security i need in my docker entrypoint	20:22
magicaltrout	jesus its taken all afternoon to figure out the correct order of hackage	20:22
lazyPower	kwmonroe - first time caller, long time listener - I hear its as simple as git rebase -i revno && git push upstream master --force	20:23
kwmonroe	heh magicaltrout, "/bin/rm -rf /etc/sudoers", what could possibly go wrong?	20:26
kwmonroe	i'm gonna giggle when /etc/sudoers is a symlink to /	20:26
magicaltrout	lol i know	20:26
magicaltrout	well i can clearly refine parts, but as I don't want sudo access any more	20:26
magicaltrout	i'm just like "f-it, blow it away"	20:27
lazyPower	magicaltrout - <<jackie face meme>>	20:28
lazyPower	y u do dis	20:29
kwmonroe	yeah magicaltrout, you not only said "f-it", you said "recursively f-it"	20:29
magicaltrout	recursion is my life	20:29
kwmonroe	you should totally do "rm -rf /${SUDOERS_FILE} \|\| rm -rf /etc/sudoers". for security. make sure you get that leading slash in there.	20:31
magicaltrout	i think this is more security by obscurity	20:32
* magicaltrout doesn't do what kwmonroe says anyway :P		20:32
kwmonroe	anyway bdx, sorry for this trout spam, but i am really curious about your interactions with the java interface and openjdk layer. we could go really nuts with (making jvm params configurable, emitting a changed state so principal charms know they need to restart to get new jvm bits, etc). i feel it's a bit silly atm because it's just "install java... and done i guess."	20:37
magicaltrout	you promised that when i said i was using jdk charm	20:38
magicaltrout	never happened ;)	20:38
kwmonroe	i remember magicaltrout. but you were just learning python, so i didn't want to make things too complicated. bdx can handle it. :P	20:42
magicaltrout	hehe	20:43
kwmonroe	you were all like "pyth... what comes next?" and i was all like "on dude, just type o-n!"	20:43
magicaltrout	sad times	20:43
kwmonroe	:)	20:43
bdx	kwmonroe: I think the elastic stack services could greatly benefit from those mods	20:53
bdx	kwmonroe: for example elasticsearch - cloud greatly benefit from the configurability of JAVA_OPTS	20:54
bdx	ES_HEAP_SIZE=10g	20:54
bdx	that currently defaults to 2g	20:55
kwmonroe	glad you think so bdx, because that entitles me to ask you questions about the implementation. so.. if a principal service is running, would you (as the operator) be upset if some admin changed an openjdk config value and it restarted your service?	20:55
kwmonroe	or would you rather that simply trigger a status update that sets the openjdk status to "settings changed, please restart the principal service"?	20:55
kwmonroe	because, for example, restarting datanodes in a big data environment just because the heap size changed may not be a good idea for in-flight stuff.	20:56
kwmonroe	on second thought.. it would be up to the principal charm author to decide how to react to java states.. so i guess it's not a big deal. java should tell/emit states and let whomever cares about it to deal with it.	21:00
magicaltrout	they could check the config change	21:00
magicaltrout	and see if its worth a reboot	21:00
kwmonroe	yup, and the "worth" determination would be presented as a status change.. so the juju status would report "jdk settings changed; do something (or not)". i think i like that.	21:01
=== natefinch is now known as natefinch-afk
kwmonroe	still, that's not on openjdk (or any java provider) to determine that. the principals that consume java would wire that in.	21:02
bdx	kwmonroe: so, people are writing java web apps because they want the security of the strongly typed/compiled app (majorly) right	21:10
bdx	kwmonroe: I would say puting each app in a silo would be optimal	21:10
bdx	kwmonroe: or each unit of an application	21:13
bdx	I see how that makes implementing shared javaops difficult though	21:13
kwmonroe	yeah bdx, but we can't do each unit of an app.. or even each app in a silo. if you have ES, tomcat, and some big data stuff all related to the 'openjdk' charm, and you update the openjdk config, that's going to update for all apps related to java.	21:14
kwmonroe	which is not great, i agree. you'd almost need to deploy openjdk as "es-jdk" and another for "bigdata-jdk" and another for "foo-jdk" and tweak the config as needed for each of those to get the silo'd config.	21:15
bdx	kwmonroe: yea .. I see that ... I think using it as a layer seems more reasonable in that scenario	21:15
bdx	but also slightly defeats the purpose	21:16
kwmonroe	yeah, interesting.. i hadn't considered the java layer being a base layer for specific java apps.	21:16
kwmonroe	i think i see what page you're on now. note, we're not on the same page, but at least i see yours over there. ;)	21:16
bdx	yes!	21:17
bdx	someone understands me	21:17
bdx	baha	21:17
bdx	its lonely overhere at creativedrive .... surrounded by php and rails devs	21:18
kwmonroe	haha	21:18
bdx	im the only python guy in the company	21:18
bdx	bringing it	21:19
kwmonroe	+1 bdx, i have faith in you!	21:19
bdx	kwmonroe: thx, I did too ... until I realized what one of our software projects was	21:20
bdx	-> https://www.morpheusdata.com/	21:20
mayurisapre	hello everyone..	21:22
mayurisapre	i am writing a charm and need help for the same	21:23
kwmonroe	mayurisapre: is this related to https://askubuntu.com/questions/808638/juju-charm-how-to-get-ip-addresses-of-all-units-in-a-service-in-a-charm-hook-i/810156#810156?	21:24
mayurisapre	yes	21:26
mayurisapre	hi kwmonroe..	21:27
mayurisapre	i read your answer, bit still facing the same issue	21:28
kwmonroe	mayurisapre: relation-list -r {id} should be returning all units in that relation. where are you calling relation-list?	21:30
=== menn0 is now known as menn0-exercise
mayurisapre	i am calling it from myCharm	21:30
mayurisapre	relation-changed hook	21:31
kwmonroe	mayurisapre: what's the relation name that you're calling?	21:33
kwmonroe	mayurisapre: relation-ids {name} <-- what's {name}?	21:33
mayurisapre	halbaas	21:33
bdx	icey, kwmonroe: possibly you could hear me out on layer-consul	21:35
bdx	https://github.com/jamesbeedy/layer-consul	21:35
mayurisapre	I have also tried this with mysql and wordpress	21:35
mayurisapre	with db relation	21:36
mayurisapre	in that case as well i got the same result	21:36
bdx	icey, kwmonroe: I immagine layer-consul could/should be used for the base layer for charm-consul, and subordinate charm-consul-agent	21:36
bdx	imagine*	21:36
bdx	the primary differences in charm-consul and charm-consul-agent is https://github.com/jamesbeedy/layer-consul/blob/master/templates/consul.json.tmpl#L12	21:38
bdx	would be true for consul, and false for consul-agent	21:38
bdx	consul-agent wouldn't need to do any custom config on consul-relation-joined, it would be the consul server(s) that would run the `consul join <consul-agent-ip-address>` on consul-agent-relation-joined	21:41
bdx	right?	21:41
bdx	here, let me finish whipping this together, then I'll ping you	21:42
kwmonroe	mayurisapre: i deployed mysql and 3 wordpress charms and got this: http://paste.ubuntu.com/22850696/	21:46
kwmonroe	mayurisapre: the important bit is that last relation-list call that shows 3 values that correspond to the 3 wordpress units connected to the mysql charm	21:47
mayurisapre	this is juju 2.0 right?	21:48
kwmonroe	correct	21:48
mayurisapre	i am currently using 1.25	21:50
mayurisapre	do you think this is causing the issue?	21:50
kwmonroe	i don't think so mayurisapre, but i'll deploy on 1.25 and check	21:51
kwmonroe	bdx: is charm-consul a principal and charm-consul-agent a subordinate?	21:53
kwmonroe	bdx: if not, could you use leadership so the leader in a multi consul deployment set server: true and the rest false?	21:54
kwmonroe	mayurisapre: what does this return for you? juju run --unit mysql/0 'relation-ids db'	22:08
mayurisapre	i just tried it again	22:15
mayurisapre	with juju run --unit mysql/0 'relation-ids db' it listed all three unit	22:15
mayurisapre	but in debug mode	22:15
mayurisapre	in db-relation-changed it listed just 1 unit	22:16
kwmonroe	mayurisapre: how are you invoking debug mode?	22:17
=== menn0-exercise is now known as menn0
mayurisapre	with debug-hooks command	22:18
kwmonroe	mayurisapre: how are you calling debug-hooks? juju debug-hooks mysql/0?	22:18
mayurisapre	yes	22:19
kwmonroe	mayurisapre: when you do that, the db-relation-changed hook will fire once for each connected unit. so it's possible you're only seeing the 1st wordpress unit.	22:20
mayurisapre	but if I don't use debug mode even then in execution i get same results..	22:21
mayurisapre	i checked that from logs	22:21
kwmonroe	mayurisapre: if "juju run --unit mysql/0 'relation-list -r db:x'" is showing multiple results (one for each connected unit), then it's working as it should	22:24
kwmonroe	in a debug-hooks terminal, you'd have to run ./hooks/db-relation-changed, then exit, then let the debug-hook proceed to the next db-relation-changed hook for a subsequent unit	22:25
mayurisapre	yes..things are clear to me now.	22:27
mayurisapre	thanks a lot for your time.	22:28
mayurisapre	i really appreciate it.	22:28
kwmonroe	np mayurisapre, i'm glad you got it figured out! let us know if you have any other questions.	22:31
mayurisapre	yes. It was really helpful.	22:32
mayurisapre	thanks a lot again.	22:32

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!