stormmore | hmmm that is odd, for some reason the flannel charm wont let me add a relation to kubernetes-worker charm :-/ | 05:30 |
---|---|---|
kjackal | Good morning Juju world! | 07:10 |
stormmore | *sigh* I forget to setup an ssh key for my user before deploying the kubernetes bundle :-/ | 07:43 |
stormmore | I am guessing my only option is destroy and recreate, anyone still awake who might know of another option? | 08:00 |
=== frankban|afk is now known as frankban | ||
aisrael | stormmore, sorry, I don't have scrollback atm. What's the issue? | 08:37 |
Budgie^Smore | I forgot to add an ssh key when I deployed the kubernetes bundle so couldn't scp anything from the master node | 08:38 |
* Budgie^Smore was being a dumb-a** | 08:38 | |
* Budgie^Smore is stormmore on his "other" computer | 08:39 | |
aisrael | Budgie^Smore, stormmore, Ahh, sorry. I'm afraid I'm not up to speed on k8's enough to help with that. :( | 08:40 |
Budgie^Smore | the kubernetes part is a red herring in this instance, to simplify I couldn't use juju scp or juju ssh to access juju managed systems | 08:41 |
Budgie^Smore | not a huge deal, decided to destroy the model and rebuild it tomorrow | 08:42 |
Budgie^Smore | I did come across what might be a bug after that... decided to create another user in juju, then deleted it cause I couldn't figure out how to add a display name, then it wouldn't let me readd the same user even though it wasn't listed | 08:43 |
Budgie^Smore | maybe I was being impatient? | 08:43 |
Budgie^Smore | the user wasn't list in juju users | 08:44 |
* Budgie^Smore does some weird things when he is learning new toys | 08:46 | |
deanman | morning | 09:01 |
Zic | "SaMnCo | and, last but not least, I'm trying to get good low level sysadmin feedback on Juju usage to document" | 09:12 |
Zic | ping back SaMnCo, glad to help if you need my review :) | 09:13 |
Zic | (cc jcastro also, same answer :D) | 09:13 |
Budgie^Smore | care to definte "low level sysadmin"? | 09:14 |
Zic | Budgie^Smore: I take it like "core level", like C is a low-level language, but maybe I'm mistaken | 09:24 |
Budgie^Smore | so someone who handles the infrastructure then is what I would think as low level sysadmin | 09:25 |
SaMnCo | Zic: Budgie^Smore right what I want to capture is from your views on how Juju represents the world. Vs your view of it | 09:55 |
SaMnCo | So not the charms themselves but the tool | 09:55 |
SaMnCo | Core is probably better wording | 09:55 |
Budgie^Smore | The one big thing I love about juju is it's GUI as it is a great way to visible show PHBs the "world" | 09:56 |
SaMnCo | As well as the key questions you asked yourself when you started | 09:57 |
SaMnCo | And eventually struggled to answer | 09:57 |
SaMnCo | Or find answers for | 09:57 |
Budgie^Smore | I will be honest and say the only reason I came across Juju was cause I was looking for tools to manage machines from a powered off state and found MaaS | 09:58 |
Budgie^Smore | OK I will see you guys in a few hours, need to get some zee | 10:09 |
junaidali | Hi blahdeblah : the openstack-base bundle has ntp charm without ntpmaster. The auto_peers is also not set. Will we be good with clock sync when the internet is disconnected? | 10:11 |
Zic | lazyPower: http://paste.ubuntu.com/23868491/ is it normal from etcd? | 10:25 |
Zic | all is working actually, but I show this by hasard | 10:26 |
Zic | lazyPower: also, normally there is a "etcd-4" but I don't see it :( | 10:29 |
Spaulding | hello juju world! | 10:36 |
junaidali | Hi Spaulding | 11:23 |
rick_h | stormmore: you can add SSH keys to juju with juju add-ssh-key. Now, I don't think that will retro add to previous units but using add-unit should get you new ones with the key there. | 12:34 |
CoderEurope | marcoceppi_: Hows it going with Discourse charm ? | 13:53 |
=== CyberJacob is now known as zz_CyberJacob | ||
lazyPower | Zic yeah, the component status does'nt use teh TLS certificate to verify | 15:02 |
lazyPower | Zic i've only ever gotten etcd to display properly in component status when its non tls secured | 15:02 |
=== alexisb__ is now known as alexisb-afk | ||
ryebot | Anyone else hitting 502 errors trying to `charm attach`? | 16:11 |
rick_h | uiteam ^ | 16:14 |
lazyPower | ryebot - its been ages since i've encountered that | 16:22 |
lazyPower | whats the size of your upload? | 16:22 |
ryebot | lazyPower: 9.2MB | 16:25 |
lazyPower | ryebot that seems unusually small to be throwin 502's | 18:05 |
lazyPower | ryebot it might have been temporary load against the charm store, is it still throwing errors at you? | 18:05 |
ryebot | let me try again | 18:05 |
lazyPower | i've seen that 502 with like, 1GB attempted uploads | 18:05 |
lazyPower | it simply times out during transfer | 18:05 |
ryebot | nope, still fails :| | 18:06 |
lazyPower | but if you hit it during a deployment, or under extreme load, you'll also see that | 18:06 |
* lazyPower weeps silently | 18:06 | |
ryebot | I must be doing something stupid | 18:06 |
lazyPower | jrwren imma poke you with some <3 to see if you can poke the right pplz about a 502 issue on upload? the last time we hit this it was a prodstack deployment underway | 18:06 |
jrwren | you can try. | 18:08 |
lazyPower | oooo | 18:09 |
lazyPower | you wanna go jrwren? :D want some of this hot 502 error action? :D | 18:09 |
lazyPower | sorry i've had too much coffee this morning | 18:09 |
stormmore | howdy juju world | 18:19 |
stormmore | thanks rick_h I figured as much, it would be nice to be able to add keys retroactively though since it would allow to add / update keys for users | 18:20 |
stormmore | for instance, in my last job we had to "rotate" our ssh keys every 90 - 180 days (depending on access type) | 18:21 |
rick_h | Yea...Thinking. as long as you have the old key you can update/add the new one | 18:21 |
rick_h | Juju run ... Across machine's I guess. | 18:22 |
rick_h | It's something that'd be great.to support better | 18:22 |
=== frankban is now known as frankban|afk | ||
stormmore | admittedly if I am going to use ssh for much going forward I really want to use client certs instead of keys | 18:26 |
=== mskalka is now known as mskalka|afk | ||
=== alexisb-afk is now known as alexisb | ||
=== mskalka|afk is now known as mskalka | ||
stormmore | so I just created a new superuser account on my controller, switched to it, add a credential and set default cred and region but when I run juju add-model <model name> it keeps saying that I didn't provide a credential. is that expected? | 20:40 |
lazyPower | stormmore - yep, you have to set the default credential if you want a default credential. | 20:41 |
stormmore | lazyPower I did run juju set-default-credential | 20:41 |
lazyPower | oooo | 20:41 |
lazyPower | i missed that, osrry | 20:41 |
lazyPower | that seems wrong indeed | 20:42 |
lazyPower | well this bit of our docs seems oddly specific to that behavior | 20:42 |
lazyPower | Setting a default credential means this will be used by the bootstrap command when creating a controller, without having to specify it with the --credential option. | 20:42 |
stormmore | no worries, I am wondering if there is a default cred that is separate for models vs controllers | 20:43 |
lazyPower | stormmore - did you juju set-default-credential "credential-name" "username" ? | 20:44 |
lazyPower | or for the cloud rather | 20:44 |
lazyPower | juju set-default-credential aws carol -- is the example from the doc | 20:44 |
stormmore | yeah so I set the default credential for aws | 20:45 |
lazyPower | yeah iw ould have expected that to set it for every request unless overridden with --credential | 20:45 |
lazyPower | i too pass --credential on a hosted controller i've been using for the past month and haven't been bothered with looking into why thats the case. On my next deploy i'll try to replicate a successful configuration where it doesn't require the --credential. I'm fairly certain we support this | 20:46 |
stormmore | it seems odd when the "admin" user doesn't require it | 20:46 |
stormmore | that is why I am thinking I did something wrong | 20:47 |
lazyPower | yeah, i'm mostly certain its a local config thing that you can run a command to set it like a context and it "just works" | 20:47 |
stormmore | it is gets even weirder, I just noticed when I added a "test" model using the admin account that it wasn't using the default credential I set so I deleted the model, deleted the cred and readded the model and it used the "deleted" cred! http://paste.ubuntu.com/23871129/ | 20:53 |
lazyPower | stormmore yeah, thats definitely bug worthy. Would you mind capturing the steps you outlined in a bug so we can reproduce and get some engineering eyes directed at that? | 20:54 |
stormmore | of course I wouldn't mind :) just don't like to file "bugs" that aren't bug worthy ;-) hence check here first | 20:55 |
stormmore | I am finally having to register for a Ubuntu One account! Woot! | 20:58 |
lazyPower | #nailed-it-aced-it-cant-be-stopped | 20:59 |
=== thumper is now known as thumper-busy | ||
lazyPower | look @ you go stormmore :) | 20:59 |
stormmore | lol | 20:59 |
stormmore | I am guessing we should consider this a security vunerability (or at least the potential to be one) since it about credentials too | 21:03 |
lazyPower | I think thats a reasonable classification | 21:03 |
stormmore | filed | 21:15 |
lazyPower | Thanks stormmore | 21:18 |
stormmore | I am debating whether I should also file one for the fact that switching to a non-"admin" user doesn't seem to use the default credential too | 21:24 |
rick_h | stormmore: there's an existing bug around that being an option | 21:38 |
rick_h | stormmore: typically a different user doesn't mean the admin wants to be on the hook for expenses | 21:38 |
rick_h | stormmore: but there are cases where that's legit. | 21:38 |
stormmore | rick_h: i get that but the non-"admin" user account I created was given the same level of access - superuser - so my assumption is that it should work the same way as the "admin" user account | 21:39 |
rick_h | stormmore: I'm not sure I agree there. Trusting someone with your running bits is different than your credit card | 21:40 |
rick_h | stormmore: but I understand. As I said, there's an existing bug for the admin to make that an option | 21:40 |
jrwren | uiteam: for review, a util I just ran on jujugui.org https://github.com/juju/charmstore/pull/704 | 21:40 |
stormmore | rick_h I agree, however I am kinda modeling it after the Linux security model of no one logging in as root, so maybe a juju sudo type command would be a good option | 21:41 |
rick_h | stormmore: hmm, I tend to look at Juju more like a database server or the like. | 21:43 |
rick_h | stormmore: I may trust you to help add databases/etc but am not going to give you root on the machine so you can do other things with it | 21:43 |
stormmore | rick_h ah that kinda makes sense but the problem I am having is creating the "db" (model) | 21:46 |
stormmore | rick_h seems odd that I can set a default credential for the user but still have to provide that credential using --credential when I am running commands like add-model | 21:46 |
rick_h | stormmore: oh I'm +1 on making it better for the users there like that. I'm just -1 on auto leveraging the admin's credentials in any way | 21:47 |
stormmore | rick_h I am definitely not suggesting sharing credentials across accounts just if you set add and set a default credential in any account it should behave the same way | 21:48 |
stormmore | now I am having problems adding ssh keys :-/ | 21:59 |
stormmore | keeps giving me invalid key! | 22:00 |
stormmore | oh you hcae to cat out the key instead of it reading the file. | 22:04 |
stormmore | have* | 22:04 |
=== mskalka is now known as mskalka|afk | ||
Teranet | ok everyone I do have a little issue ........ how do you grab in JUJU a trunk interface and get those multpile VLAN's mapped into charms proper ? Any docu or help is welcome thank you | 22:19 |
marcoceppi_ | Teranet: it sounds like you want extra-bindings | 22:47 |
Teranet | sorta yes | 23:01 |
Teranet | so far I had eth0 also bridged but now I want to add eth1 as an additional bridge and with VLAN's | 23:02 |
=== thumper-busy is now known as thumper |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!