axwthumper babbageclunk: so, I'm a bit nervous about having gaps in tagging that would be introduced by Unset/Set. did you discuss my suggestion of just sending the version of the controller to UpdateController?00:36
axwthumper babbageclunk: only disadvantage I see to that is that the provider needs to remember all the old methods of tagging. but I think that's preferable to possible resource leakage00:36
axwthumper babbageclunk: finally (the clincher for me), some resources are tracked with things other than tags. e.g. OpenStack, security groups are tracked by formatting their names in a specific way. AFAIK that's immutable. so UpdateController would need to recreate the security group00:39
babbageclunkaxw, thumper: so we'd need to create a new security group, move everything over to it and then get rid of the old one?00:42
axwbabbageclunk: yep00:42
axw(unless you can rename things in openstack?)00:42
babbageclunkaxw, thumper: yeah, that does seem like a pretty big problem for the unset/set approach00:42
menn0thumper: can you have another quick look at this one pls: https://github.com/juju/juju/pull/683900:43
axwbabbageclunk: ah you can rename instances, so maybe security groups too. but I'm a bit wary of expecting we can do that in all cases for every provider00:43
axwthumper: ready to chat whenever'00:45
babbageclunkaxw: Well really anything where we tag by naming doesn't work in the unset/set case anyway.00:45
babbageclunkaxw: thumper made the point that it's possible we'd change how resources were tagged with the model as well - that makes update with a version harder too, doesn't it? Environ.AllInstances might not find the migrated machines because it would be looking for the model tag by the wrong key (or whatever).00:49
babbageclunkI need to go for a run to think about this, then I'll definitely need to pick people's brains some more.00:50
axwbabbageclunk: I don't see how that's a problem. since you can only migrate to a controller >= version (right?), then as long as we keep a history in the provider of how tagging was done, we can determine how to identify the instances based on the source controller's version00:54
babbageclunkaxw: Yeah, I think you're right - and I guess we only need to introduce that handling inside the provider once  we actually need to make that change in a provider.00:56
axwbabbageclunk: right00:56
babbageclunkaxw: ok, sold. Thanks! thumper I'm doing this ^00:56
axwbabbageclunk: cool, no worries00:57
thumperaxw, babbageclunk: re openstack security groups, are they created in the account, or controller?01:21
thumperif it is the account, then nothing changes01:21
thumperaxw: still good to chat?01:21
axwthumper: not sure what you mean by "in the account or the controller". they're created by the controller for a model, and should be destroyed when the model or controller is destroyed01:22
axwthumper: yep01:22
axwthumper: https://hangouts.google.com/hangouts/_/canonical.com/andrew-tim?authuser=101:22
thumperaxw: the model's machines aren't moving, so any security group created for a model and the model's credentials are still equally valid on the target controller01:22
axwthumper: yeah, it's about ownership tho. what to do if you kill-controller on the source/target controller01:23
thumpermenn0: got a few minutes?01:34
menn0thumper: yep01:34
redirfu... our docs say you have to create the pflash drive, but it looks like xenial's version of libvirt-bin now supports creating one by default:|01:56
thumperredir: bugger... :-|01:57
redirI guess that would be good, less (code) is more01:57
redirnot a huge deal just painful to live test01:57
menn0babbageclunk: could you take a quick look at this one please? https://github.com/juju/juju/pull/683902:38
babbageclunkmenn0: Sure02:39
menn0babbageclunk: thanks02:39
rick_hwallyworld: ping around?02:46
rick_hwallyworld: hey, have a sec to give me a hand?02:46
wallyworlda hand what?02:47
rick_hwallyworld: https://pastebin.canonical.com/176845/ trying to redo my maas setup here and bootstrap is stuck here for 20+min02:47
rick_hwallyworld: can't ssh to the machine with ubuntu@IP, but log seems to say it did work?02:47
rick_hwallyworld: so can't get at the log and I'm confused on wtf02:48
wallyworldrick_h: looks like the controller can't see streams.canonical.com02:49
rick_hhmmm, k the GUI fetch didn't error so assumed it worked02:50
* rick_h figures out to test that out02:51
wallyworldi'm just guessing on the "fetching agent" bit02:51
wallyworldmaybe that did succeed02:51
wallyworldbut after that it also needs to connect to the archives02:51
wallyworldto get mongo02:51
wallyworldif i am not mistaken02:52
wallyworldmaybe turning on debug would help. the info logging is a bit terse02:52
rick_hyea, that's with --debug on bootstsrap02:52
wallyworlddoh, of course02:52
wallyworldi *think* the fetching juju agent messages correlates with get the tools binaries and get mongo02:53
wallyworldthe last step in getting jujud running02:54
* rick_h tries to deploy a maas node w/o Juju and see if I can ssh to it and check the connectivity02:54
wallyworldthat's a reasonable next step02:55
wallyworldeach time there's been similar issues, from memory, it's been network/routing related02:55
rick_hk, thanks02:55
rick_hwallyworld: ty, looks like I needed an iptables rules to enable nat on the maas machine.03:01
rick_hwallyworld: at least ping now works so hopefully it'll bootstrap now successuflly03:01
wallyworldah, right03:01
wallyworldthe symptoms seemed to fit not having outbound traffic03:01
rick_hat least it works now on a manually started maas node, so checking to see if the juju node works now03:02
* wallyworld crosses fingers03:02
* rick_h wishes there was a clear success/fail message on these things (like fetching the gui, agents, etc)03:03
wallyworldmaybe it hadn't timed out yet, not sure03:04
wallyworldbut it does need to surface the connectivity issue better03:04
babbageclunkmenn0: LGTM03:05
menn0babbageclunk: tyvm03:05
rick_hwallyworld: "Installing Juju machine agent"03:05
rick_hseems like we're in business woot03:06
rick_hty wallyworld03:08
wallyworlddidn't do much :-)03:08
rick_hwell poked me to double check that egress. I thought I had it worked but I had rebooted and guess the settings didn't keep03:10
redirthis one should be an easy review... https://github.com/juju/juju/pull/6860/files03:17
* redir eods03:17
redirsee you tomorrow juju-dev03:17
menn0axw: could you pls take a look at this one? https://github.com/juju/juju/pull/685903:49
axwmenn0: looking03:49
menn0axw: thanks03:50
axwmenn0: done03:53
menn0axw: thanks03:53
=== meetingology` is now known as meetingology
jamballoons: it looks like !!build!! is blocked again06:58
mupBug #1658549 opened: Security issue: jujud is not owned by a user on the system <juju-core:New> <https://launchpad.net/bugs/1658549>08:04
mupBug #1658549 changed: Security issue: jujud is not owned by a user on the system <juju-core:New> <https://launchpad.net/bugs/1658549>08:04
mupBug #1658549 opened: Security issue: jujud is not owned by a user on the system <juju-core:New> <https://launchpad.net/bugs/1658549>08:04
mupBug #1658549 opened: Security issue: jujud is not owned by a user on the system <juju-core:New> <https://launchpad.net/bugs/1658549>08:04
mupBug #1658549 changed: Security issue: jujud is not owned by a user on the system <juju-core:New> <https://launchpad.net/bugs/1658549>08:04
mupBug #1658549 opened: Security issue: jujud is not owned by a user on the system <juju-core:New> <https://launchpad.net/bugs/1658549>08:05
=== frankban|afk is now known as frankban
mupBug #1658549 opened: Security issue: jujud is not owned by a user on the system <juju-core:New> <https://launchpad.net/bugs/1658549>10:37
mupBug #1658549 changed: Security issue: jujud is not owned by a user on the system <juju-core:New> <https://launchpad.net/bugs/1658549>10:38
mupBug #1658549 opened: Security issue: jujud is not owned by a user on the system <juju-core:New> <https://launchpad.net/bugs/1658549>10:38
rogpeppe1if I want environment isolation and a fake home, which testing suite should I be using?11:07
rogpeppe1perrito666: any idea?11:08
perrito666rogpeppe1: sorry I dont know which one has a home11:27
rogpeppe1perrito666: i think i worked out the answer: use IsolationSuite and call MakeFakeHome11:28
rogpeppe1perrito666: FakeHomeSuite doesn't provide env isolation unfortunately11:28
* rogpeppe1 wishes that all the fixture suites were orthogonal to one another11:29
rogpeppe1here's a feature-branch PR to add support for preferred authentication domains to the juju client:  https://github.com/juju/juju/pull/686211:46
rogpeppe1jam: i've replied to your comments on https://github.com/juju/juju/pull/686212:56
jamrogpeppe1: is there a discussion response or just a code response?12:57
rogpeppe1jam: both12:57
=== rogpeppe1 is now known as rogpeppe
perrito666hoenir: morning13:29
ahasenackhi juju devs, do you have commit rights on go-yaml?15:27
ahasenackwe have an issue with it, and apparently there is a PR for it too15:27
ahasenackspecifically, https://github.com/go-yaml/yaml/pull/22315:28
ahasenackwhich affects juju15:28
ahasenackissue is https://github.com/go-yaml/yaml/issues/15715:28
rick_hahasenack: no, I think we have to work to get the PR looked at and landed15:29
ahasenackrick_h: you don't have commit rights, you mean? Your team15:33
rick_hahasenack: I don't think anyone in juju land does other than gustavo15:34
ahasenackok, thanks15:34
rick_hahasenack: so to push this you'll need to reach out to him15:34
niemeyerahasenack, rick_h: go-yaml is long due some maintenance15:53
niemeyerahasenack: Not sure if that fix is the right one..15:57
ahasenackniemeyer: tbh I haven't looked at the PR itself15:58
ahasenackI was going to point out just the issue and someone whispered to me there was a PR for it already :)15:58
redirperrito666: https://github.com/juju/juju/pull/6860 PTAL if you have a minute16:36
alexisbredir, ping17:04
perrito666redir: sure17:10
rediralexisb: pong17:10
redirperrito666: tx17:10
alexisbperrito666, redir I need someone to pick up the OSX regression17:10
alexisbdo either of you have an OSX workstation?17:11
perrito666alexisb: nope17:11
rediralexisb: https://bugs.launchpad.net/juju/+bug/1659016 this one?17:12
rediralexisb: I have an ancient macbook pro17:12
alexisbredir, yes that one17:12
redirmight take a while to bring it into this decade17:12
=== frankban is now known as frankban|afk
natefinchoops wrong window17:42
perrito666a bless on develop \o/17:44
perrito666followed by a curse, this parallel testing thing doesnt give much room for happyness17:45
alexisbperrito666, I know you plyed I big part in that bless, so thank you17:45
perrito666alexisb: I havent submitted ode in the past week or so so I dont think so :p17:45
perrito666I have a couple of PRs dancing around develop17:45
alexisbperrito666, this was way more than a weeks worth of work17:46
alexisbdont sell yourself short17:46
perrito666alexisb: I never do, I do rent myself short :p17:47
* perrito666 is a leasing person17:47
rick_hlol, yea way more than a week17:47
perrito666I wish that bless would have come at an hour where I wouldnt feel guilty about opening a beer17:52
rick_hperrito666: lol17:52
rick_hperrito666: there is no guilt17:52
perrito666rick_h: its 3pm and I have to be up and running until standup at 20:45 so there is a little guilt involved17:53
rick_hperrito666: 3pm for you?17:53
rick_hI don't know why but I thought you were EST or Central17:53
perrito666rick_h: GMT-3, whatever that means in non standard TZs :p17:54
alexisbperrito666, I expect to see a celebratory beer at standup tonight17:54
perrito666alexisb: well if you force my hand...17:54
rick_hheh, I forget how far over mexico kicks east17:54
alexisbperrito666, :)17:55
* rick_h thinks of things more in a straight line which is false brokenness17:55
perrito666rick_h: yes, you have mercator to blame for that17:55
rick_hredir: ping17:55
perrito666also my country is in the wrong timezone for dumb political reasons :p17:55
redirrick_h: pong17:56
rick_hredir: what's your LP username?17:56
rediri think17:56
rick_hredir: k, that worked ty17:56
rick_hredir: heads up that guimaas is rebuilt on newer maas, a few nodes aren't running atm17:56
redirI used to also have redir but had it merged17:57
rick_hredir: but have it working with 5 of hte 8 nodes with juju 2.1beta417:57
rick_hredir: so if you ever need to tinker again it should work like before, same machine/url/etc17:57
* redir does peanutbutter and jelly banana dance17:57
redirthanks rick_h17:57
rick_hredir: I've got a new nuc3 coming tomorrow and a video cable to get 7 & 8 back going so by end of tomorrow should have all 8 working fine with modern tool stack17:58
redirrick_h: in the mean time I've set up vmaas on my workstation and on an old box, which works great except it has only one nic, so I can only test it from itself.17:59
redirwell without a lot of twiddling17:59
rick_hredir: yea, always good to have around, but also if we need real hardware there's some sitting free-ish18:02
redirrick_h: yes, tyvm for letting me know it is back.18:02
redirit is faster than my vm18:02
perrito666redir: k19:28
redirthumper: o/20:24
wallyworldthumper: quick! merge develop to staging, we have a bless!20:27
thumperwallyworld: that is done automatically20:27
wallyworldwell, i should check then to see if it has happened20:28
wallyworldlooks like it has20:29
redirthumper: wallyworld easy review https://github.com/juju/juju/pull/686320:48
thumperredir: shipit20:49
redirsomeone needs to enable their pre-push hook20:50
=== frankban|afk is now known as frankban
redirstaging fails pre-push too20:58
redirbut for unreachable code20:58
redirlooks like a fine merge problem21:10
natefinchAnyone understand this merge error?  http://juju-ci.vapour.ws:8080/job/github-merge-juju/10041/artifact/artifacts/windows-err.log21:11
natefinchsinzui, abentley ^21:11
sinzuinatefinch: remember to ignore the -err., use the -out http://juju-ci.vapour.ws:8080/job/github-merge-juju/10041/artifact/artifacts/windows-out.log21:14
natefinchsinzui: sorry, the console output said to see the -err :)21:15
natefinchsinzui: so, looks like mongo just bit the dust.  retry I suppose?21:15
sinzuinatefinch: yeah, that will be fixed one day21:15
sinzuinatefinch: yes, I agree to retry.21:15
abentleyredir: It failed: http://juju-ci.vapour.ws/job/github-merge-juju/10100/console21:17
redirabentley: ?21:20
abentleyredir: Your fix/prepush-failures21:22
rediroh, yes, but because mongo not because the prepush hook failed21:24
redirI understand that if someone fails to setup their pre-push hook or uses the --no-verify flag that things can make it into a PR,21:25
redirbut I would expect that the CI pipeline would run the verify script before bothering to run tests...21:25
abentleyredir: Well, you know what happens when you assume...21:26
redirabentley: I was expecting not assuming:)21:27
redirpoor expectations on my part21:27
abentleyredir: Maybe the verify script can become part of make test?21:27
=== alexisb is now known as alexisb-afk
redirabentley: seems reasonable that there should be some target that runs verify and and builds all together21:30
redirabentley: looks like sinzui found waldo21:33
redirthis is the staging thing I see when updating my fork https://github.com/juju/juju/compare/staging...reedobrien:fix/prepush-on-staging?expand=121:37
sinzuiredir: the fix is in place21:42
redirsinzui: thanks!21:56
babbageclunkthumper: the azure provider tags at least 8 different kinds of things with the controller id.22:44
babbageclunkthumper: the destroy controller handles it by just destroying the resource group to kill everything in one fell swoop.22:44
babbageclunkthumper: do you know whether there's something similar to update lots of things?22:45
babbageclunkthumper: all at once?22:45
thumperno, but axw might22:45
babbageclunkaxw: ^^22:45
babbageclunkoh, probably a bit early for him yet22:47
perrito666babbageclunk: sounds about the time he gets up, our previous standup used to be in 15 mins from now22:47
=== alexisb-afk is now known as alexisb
=== frankban is now known as frankban|afk
axwbabbageclunk: no, I don't think there is23:14
axwbabbageclunk: the tags are for informational purposes as well as, FYI (i.e. so people navigating through the portal can tie things back to juju land)23:16
babbageclunkaxw: stink, I didn't think so. What I'm doing at the moment is listing all of the things in the resource group and updating the tag for each, which requires dispatching on the GenericResource.Type23:17
babbageclunkaxw: That way at least we'll be able to log an error if a new resource type gets tagged but the code to update it isn't.23:18
axwbabbageclunk: you can use https://github.com/Azure/azure-sdk-for-go/blob/master/arm/resources/resources/resources.go#L191 to update arbitrary resources23:19
axwbabbageclunk: is that what you're doing?23:19
babbageclunkaxw: Ooh, yes, that's what I was hoping to find - thanks! Removes the need to dispatch by the type.23:20
axwbabbageclunk: I'm not sure how it handles the non-common resource properties23:20
axwbabbageclunk: the azure API supports PATCH, but I don't think it's exposed by the SDK at all23:21
babbageclunkaxw: It looks like you pass in a generic resource - I hope it'd only update the things that are on there and leaves everything else alone? Otherwise how could you use it?23:22
axwbabbageclunk: I hope so to. dunno otherwise23:22
axwbabbageclunk: I can imagine how it'd work when making the HTTP request: you would just add the properties free-form23:23
axwbabbageclunk: but not using the Go SDK23:23
axwbabbageclunk: oh! never mind, GenericResource has a "properties" attribute23:23
axwbabbageclunk: so if you just preserve that, you're good23:23
babbageclunkaxw, awesome. Oh man, that documentation is terrible. "CreateOrUpdate creates a resource." Is that all it does?23:24
axwbabbageclunk: and now that I think of it, you *could* do it all in one shot using a template deployment. I think you should see how it goes without that first though23:24
axwbabbageclunk: heh :/  it's auto-generated from swagger23:25
babbageclunkaxw: ok, will do - I don't think it'll be too bad like this.23:25

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!