stormmorehmmm that is odd, for some reason the flannel charm wont let me add a relation to kubernetes-worker charm :-/05:30
kjackalGood morning Juju world!07:10
stormmore*sigh* I forget to setup an ssh key for my user before deploying the kubernetes bundle :-/07:43
stormmoreI am guessing my only option is destroy and recreate, anyone still awake who might know of another option?08:00
=== frankban|afk is now known as frankban
aisraelstormmore, sorry, I don't have scrollback atm. What's the issue?08:37
Budgie^SmoreI forgot to add an ssh key when I deployed the kubernetes bundle so couldn't scp anything from the master node08:38
* Budgie^Smore was being a dumb-a** 08:38
* Budgie^Smore is stormmore on his "other" computer 08:39
aisraelBudgie^Smore, stormmore, Ahh, sorry. I'm afraid I'm not up to speed on k8's enough to help with that. :(08:40
Budgie^Smorethe kubernetes part is a red herring in this instance, to simplify I couldn't use juju scp or juju ssh to access juju managed systems08:41
Budgie^Smorenot a huge deal, decided to destroy the model and rebuild it tomorrow08:42
Budgie^SmoreI did come across what might be a bug after that... decided to create another user in juju, then deleted it cause I couldn't figure out how to add a display name, then it wouldn't let me readd the same user even though it wasn't listed08:43
Budgie^Smoremaybe I was being impatient?08:43
Budgie^Smorethe user wasn't list in juju users08:44
* Budgie^Smore does some weird things when he is learning new toys 08:46
Zic"SaMnCo | and, last but not  least, I'm trying to get good low level sysadmin feedback on Juju usage to document"09:12
Zicping back SaMnCo, glad to help if you need my review :)09:13
Zic(cc jcastro also, same answer :D)09:13
Budgie^Smorecare to definte "low level sysadmin"?09:14
ZicBudgie^Smore: I take it like "core level", like C is a low-level language, but maybe I'm mistaken09:24
Budgie^Smoreso someone who handles the infrastructure then is what I would think as low level sysadmin09:25
SaMnCoZic:  Budgie^Smore right what I want to capture is from your views on how Juju represents the world. Vs your view of it09:55
SaMnCoSo not the charms themselves but the tool09:55
SaMnCoCore is probably better wording09:55
Budgie^SmoreThe one big thing I love about juju is it's GUI as it is a great way to visible show PHBs the "world"09:56
SaMnCoAs well as the key questions you asked yourself when you started09:57
SaMnCoAnd eventually struggled to answer09:57
SaMnCoOr find answers for09:57
Budgie^SmoreI will be honest and say the only reason I came across Juju was cause I was looking for tools to manage machines from a powered off state and found MaaS09:58
Budgie^SmoreOK I will see you guys in a few hours, need to get some zee10:09
junaidaliHi blahdeblah : the openstack-base bundle has ntp charm without ntpmaster. The auto_peers is also not set. Will we be good with clock sync when the internet is disconnected?10:11
ZiclazyPower: http://paste.ubuntu.com/23868491/ is it normal from etcd?10:25
Zicall is working actually, but I show this by hasard10:26
ZiclazyPower: also, normally there is a "etcd-4" but I don't see it :(10:29
Spauldinghello juju world!10:36
junaidaliHi Spaulding11:23
rick_hstormmore: you can add SSH keys to juju with juju add-ssh-key. Now, I don't think that will retro add to previous units but using add-unit should get you new ones with the key there.12:34
CoderEuropemarcoceppi_: Hows it going with Discourse charm ?13:53
=== CyberJacob is now known as zz_CyberJacob
lazyPowerZic yeah, the component status does'nt use teh TLS certificate to verify15:02
lazyPowerZic i've only ever gotten etcd to display properly in component status when its non tls secured15:02
=== alexisb__ is now known as alexisb-afk
ryebotAnyone else hitting 502 errors trying to `charm attach`?16:11
rick_huiteam ^16:14
lazyPowerryebot - its been ages since i've encountered that16:22
lazyPowerwhats the size of your upload?16:22
ryebotlazyPower: 9.2MB16:25
lazyPowerryebot that seems unusually small to be throwin 502's18:05
lazyPowerryebot it might have been temporary load against the charm store, is it still throwing errors at you?18:05
ryebotlet me try again18:05
lazyPoweri've seen that 502 with like, 1GB attempted uploads18:05
lazyPowerit simply times out during transfer18:05
ryebotnope, still fails :|18:06
lazyPowerbut if you hit it during a deployment, or under extreme load, you'll also see that18:06
* lazyPower weeps silently18:06
ryebotI must be doing something stupid18:06
lazyPowerjrwren imma poke you with some <3 to see if you can poke the right pplz about a 502 issue on upload? the last time we hit this it was a prodstack deployment underway18:06
jrwrenyou can try.18:08
lazyPoweryou wanna go jrwren? :D want some of this hot 502 error action? :D18:09
lazyPowersorry i've had too much coffee this morning18:09
stormmorehowdy juju world18:19
stormmorethanks rick_h I figured as much, it would be nice to be able to add keys retroactively though since it would allow to add / update keys for users18:20
stormmorefor instance, in my last job we had to "rotate" our ssh keys every 90 - 180 days (depending on access type)18:21
rick_hYea...Thinking. as long as you have the old key you can update/add the new one18:21
rick_hJuju run ... Across machine's I guess.18:22
rick_hIt's something that'd be great.to support better18:22
=== frankban is now known as frankban|afk
stormmoreadmittedly if I am going to use ssh for much going forward I really want to use client certs instead of keys18:26
=== mskalka is now known as mskalka|afk
=== alexisb-afk is now known as alexisb
=== mskalka|afk is now known as mskalka
stormmoreso I just created a new superuser account on my controller, switched to it, add a credential and set default cred and region but when I run juju add-model <model name> it keeps saying that I didn't provide a credential. is that expected?20:40
lazyPowerstormmore - yep, you have to set the default credential if you want a default credential.20:41
stormmorelazyPower I did run juju set-default-credential20:41
lazyPoweri missed that, osrry20:41
lazyPowerthat seems wrong indeed20:42
lazyPowerwell this bit of our docs seems oddly specific to that behavior20:42
lazyPowerSetting a default credential means this will be used by the bootstrap command when creating a controller, without having to specify it with the --credential option.20:42
stormmoreno worries, I am wondering if there is a default cred that is separate for models vs controllers20:43
lazyPowerstormmore - did you juju set-default-credential "credential-name" "username" ?20:44
lazyPoweror for the cloud rather20:44
lazyPowerjuju set-default-credential aws carol -- is the example from the doc20:44
stormmoreyeah so I set the default credential for aws20:45
lazyPoweryeah iw ould have expected that to set it for every request unless overridden with --credential20:45
lazyPoweri too pass --credential on a hosted controller i've been using for the past month and haven't been bothered with looking into why thats the case. On my next deploy i'll try to replicate a successful configuration where it doesn't require the --credential. I'm fairly certain we support this20:46
stormmoreit seems odd when the "admin" user doesn't require it20:46
stormmorethat is why I am thinking I did something wrong20:47
lazyPoweryeah, i'm mostly certain its a local config thing that you can run a command to set it like a context and it "just works"20:47
stormmoreit is gets even weirder, I just noticed when I added a "test" model using the admin account that it wasn't using the default credential I set so I deleted the model, deleted the cred and readded the model and it used the "deleted" cred! http://paste.ubuntu.com/23871129/20:53
lazyPowerstormmore yeah, thats definitely bug worthy. Would you mind capturing the steps you outlined in a bug so we can reproduce and get some engineering eyes directed at that?20:54
stormmoreof course I wouldn't mind :) just don't like to file "bugs" that aren't bug worthy ;-) hence check here first20:55
stormmoreI am finally having to register for a Ubuntu One account! Woot!20:58
=== thumper is now known as thumper-busy
lazyPowerlook @ you go stormmore :)20:59
stormmoreI am guessing we should consider this a security vunerability (or at least the potential to be one) since it about credentials too21:03
lazyPowerI think thats a reasonable classification21:03
lazyPowerThanks stormmore21:18
stormmoreI am debating whether I should also file one for the fact that switching to a non-"admin" user doesn't seem to use the default credential too21:24
rick_hstormmore: there's an existing bug around that being an option21:38
rick_hstormmore: typically a different user doesn't mean the admin wants to be on the hook for expenses21:38
rick_hstormmore: but there are cases where that's legit.21:38
stormmorerick_h: i get that but the non-"admin" user account I created was given the same level of access - superuser - so my assumption is that it should work the same way as the "admin" user account21:39
rick_hstormmore: I'm not sure I agree there. Trusting someone with your running bits is different than your credit card21:40
rick_hstormmore: but I understand. As I said, there's an existing bug for the admin to make that an option21:40
jrwrenuiteam: for review, a util I just ran on jujugui.org https://github.com/juju/charmstore/pull/70421:40
stormmorerick_h I agree, however I am kinda modeling it after the Linux security model of no one logging in as root, so maybe a juju sudo type command would be a good option21:41
rick_hstormmore: hmm, I tend to look at Juju more like a database server or the like.21:43
rick_hstormmore: I may trust you to help add databases/etc but am not going to give you root on the machine so you can do other things with it21:43
stormmorerick_h ah that kinda makes sense but the problem I am having is creating the "db" (model)21:46
stormmorerick_h seems odd that I can set a default credential for the user but still have to provide that credential using --credential when I am running commands like add-model21:46
rick_hstormmore: oh I'm +1 on making it better for the users there like that. I'm just -1 on auto leveraging the admin's credentials in any way21:47
stormmorerick_h I am definitely not suggesting sharing credentials across accounts just if you set add and set a default credential in any account it should behave the same way21:48
stormmorenow I am having problems adding ssh keys :-/21:59
stormmorekeeps giving me invalid key!22:00
stormmoreoh you hcae to cat out the key instead of it reading the file.22:04
=== mskalka is now known as mskalka|afk
Teranetok everyone I do have a little issue ........  how do you grab in JUJU a trunk interface and get those multpile VLAN's mapped into charms proper ? Any docu or help is welcome thank you22:19
marcoceppi_Teranet: it sounds like you want extra-bindings22:47
Teranetsorta yes23:01
Teranetso far I had eth0 also bridged but now I want to add eth1 as an additional bridge and with VLAN's23:02
=== thumper-busy is now known as thumper

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!