[05:30] <stormmore> hmmm that is odd, for some reason the flannel charm wont let me add a relation to kubernetes-worker charm :-/
[07:10] <kjackal> Good morning Juju world!
[07:43] <stormmore> *sigh* I forget to setup an ssh key for my user before deploying the kubernetes bundle :-/
[08:00] <stormmore> I am guessing my only option is destroy and recreate, anyone still awake who might know of another option?
=== frankban|afk is now known as frankban
[08:37] <aisrael> stormmore, sorry, I don't have scrollback atm. What's the issue?
[08:38] <Budgie^Smore> I forgot to add an ssh key when I deployed the kubernetes bundle so couldn't scp anything from the master node
[08:38]  * Budgie^Smore was being a dumb-a** 
[08:39]  * Budgie^Smore is stormmore on his "other" computer 
[08:40] <aisrael> Budgie^Smore, stormmore, Ahh, sorry. I'm afraid I'm not up to speed on k8's enough to help with that. :(
[08:41] <Budgie^Smore> the kubernetes part is a red herring in this instance, to simplify I couldn't use juju scp or juju ssh to access juju managed systems
[08:42] <Budgie^Smore> not a huge deal, decided to destroy the model and rebuild it tomorrow
[08:43] <Budgie^Smore> I did come across what might be a bug after that... decided to create another user in juju, then deleted it cause I couldn't figure out how to add a display name, then it wouldn't let me readd the same user even though it wasn't listed
[08:43] <Budgie^Smore> maybe I was being impatient?
[08:44] <Budgie^Smore> the user wasn't list in juju users
[08:46]  * Budgie^Smore does some weird things when he is learning new toys 
[09:01] <deanman> morning
[09:12] <Zic> "SaMnCo | and, last but not  least, I'm trying to get good low level sysadmin feedback on Juju usage to document"
[09:13] <Zic> ping back SaMnCo, glad to help if you need my review :)
[09:13] <Zic> (cc jcastro also, same answer :D)
[09:14] <Budgie^Smore> care to definte "low level sysadmin"?
[09:24] <Zic> Budgie^Smore: I take it like "core level", like C is a low-level language, but maybe I'm mistaken
[09:25] <Budgie^Smore> so someone who handles the infrastructure then is what I would think as low level sysadmin
[09:55] <SaMnCo> Zic:  Budgie^Smore right what I want to capture is from your views on how Juju represents the world. Vs your view of it
[09:55] <SaMnCo> So not the charms themselves but the tool
[09:55] <SaMnCo> Core is probably better wording
[09:56] <Budgie^Smore> The one big thing I love about juju is it's GUI as it is a great way to visible show PHBs the "world"
[09:57] <SaMnCo> As well as the key questions you asked yourself when you started
[09:57] <SaMnCo> And eventually struggled to answer
[09:57] <SaMnCo> Or find answers for
[09:58] <Budgie^Smore> I will be honest and say the only reason I came across Juju was cause I was looking for tools to manage machines from a powered off state and found MaaS
[10:09] <Budgie^Smore> OK I will see you guys in a few hours, need to get some zee
[10:11] <junaidali> Hi blahdeblah : the openstack-base bundle has ntp charm without ntpmaster. The auto_peers is also not set. Will we be good with clock sync when the internet is disconnected?
[10:25] <Zic> lazyPower: http://paste.ubuntu.com/23868491/ is it normal from etcd?
[10:26] <Zic> all is working actually, but I show this by hasard
[10:29] <Zic> lazyPower: also, normally there is a "etcd-4" but I don't see it :(
[10:36] <Spaulding> hello juju world!
[11:23] <junaidali> Hi Spaulding
[12:34] <rick_h> stormmore: you can add SSH keys to juju with juju add-ssh-key. Now, I don't think that will retro add to previous units but using add-unit should get you new ones with the key there.
[13:53] <CoderEurope> marcoceppi_: Hows it going with Discourse charm ?
=== CyberJacob is now known as zz_CyberJacob
[15:02] <lazyPower> Zic yeah, the component status does'nt use teh TLS certificate to verify
[15:02] <lazyPower> Zic i've only ever gotten etcd to display properly in component status when its non tls secured
=== alexisb__ is now known as alexisb-afk
[16:11] <ryebot> Anyone else hitting 502 errors trying to `charm attach`?
[16:14] <rick_h> uiteam ^
[16:22] <lazyPower> ryebot - its been ages since i've encountered that
[16:22] <lazyPower> whats the size of your upload?
[16:25] <ryebot> lazyPower: 9.2MB
[18:05] <lazyPower> ryebot that seems unusually small to be throwin 502's
[18:05] <lazyPower> ryebot it might have been temporary load against the charm store, is it still throwing errors at you?
[18:05] <ryebot> let me try again
[18:05] <lazyPower> i've seen that 502 with like, 1GB attempted uploads
[18:05] <lazyPower> it simply times out during transfer
[18:06] <ryebot> nope, still fails :|
[18:06] <lazyPower> but if you hit it during a deployment, or under extreme load, you'll also see that
[18:06]  * lazyPower weeps silently
[18:06] <ryebot> I must be doing something stupid
[18:06] <lazyPower> jrwren imma poke you with some <3 to see if you can poke the right pplz about a 502 issue on upload? the last time we hit this it was a prodstack deployment underway
[18:08] <jrwren> you can try.
[18:09] <lazyPower> oooo
[18:09] <lazyPower> you wanna go jrwren? :D want some of this hot 502 error action? :D
[18:09] <lazyPower> sorry i've had too much coffee this morning
[18:19] <stormmore> howdy juju world
[18:20] <stormmore> thanks rick_h I figured as much, it would be nice to be able to add keys retroactively though since it would allow to add / update keys for users
[18:21] <stormmore> for instance, in my last job we had to "rotate" our ssh keys every 90 - 180 days (depending on access type)
[18:21] <rick_h> Yea...Thinking. as long as you have the old key you can update/add the new one
[18:22] <rick_h> Juju run ... Across machine's I guess.
[18:22] <rick_h> It's something that'd be great.to support better
=== frankban is now known as frankban|afk
[18:26] <stormmore> admittedly if I am going to use ssh for much going forward I really want to use client certs instead of keys
=== mskalka is now known as mskalka|afk
=== alexisb-afk is now known as alexisb
=== mskalka|afk is now known as mskalka
[20:40] <stormmore> so I just created a new superuser account on my controller, switched to it, add a credential and set default cred and region but when I run juju add-model <model name> it keeps saying that I didn't provide a credential. is that expected?
[20:41] <lazyPower> stormmore - yep, you have to set the default credential if you want a default credential.
[20:41] <stormmore> lazyPower I did run juju set-default-credential
[20:41] <lazyPower> oooo
[20:41] <lazyPower> i missed that, osrry
[20:42] <lazyPower> that seems wrong indeed
[20:42] <lazyPower> well this bit of our docs seems oddly specific to that behavior
[20:42] <lazyPower> Setting a default credential means this will be used by the bootstrap command when creating a controller, without having to specify it with the --credential option.
[20:43] <stormmore> no worries, I am wondering if there is a default cred that is separate for models vs controllers
[20:44] <lazyPower> stormmore - did you juju set-default-credential "credential-name" "username" ?
[20:44] <lazyPower> or for the cloud rather
[20:44] <lazyPower> juju set-default-credential aws carol -- is the example from the doc
[20:45] <stormmore> yeah so I set the default credential for aws
[20:45] <lazyPower> yeah iw ould have expected that to set it for every request unless overridden with --credential
[20:46] <lazyPower> i too pass --credential on a hosted controller i've been using for the past month and haven't been bothered with looking into why thats the case. On my next deploy i'll try to replicate a successful configuration where it doesn't require the --credential. I'm fairly certain we support this
[20:46] <stormmore> it seems odd when the "admin" user doesn't require it
[20:47] <stormmore> that is why I am thinking I did something wrong
[20:47] <lazyPower> yeah, i'm mostly certain its a local config thing that you can run a command to set it like a context and it "just works"
[20:53] <stormmore> it is gets even weirder, I just noticed when I added a "test" model using the admin account that it wasn't using the default credential I set so I deleted the model, deleted the cred and readded the model and it used the "deleted" cred! http://paste.ubuntu.com/23871129/
[20:54] <lazyPower> stormmore yeah, thats definitely bug worthy. Would you mind capturing the steps you outlined in a bug so we can reproduce and get some engineering eyes directed at that?
[20:55] <stormmore> of course I wouldn't mind :) just don't like to file "bugs" that aren't bug worthy ;-) hence check here first
[20:58] <stormmore> I am finally having to register for a Ubuntu One account! Woot!
[20:59] <lazyPower> #nailed-it-aced-it-cant-be-stopped
=== thumper is now known as thumper-busy
[20:59] <lazyPower> look @ you go stormmore :)
[20:59] <stormmore> lol
[21:03] <stormmore> I am guessing we should consider this a security vunerability (or at least the potential to be one) since it about credentials too
[21:03] <lazyPower> I think thats a reasonable classification
[21:15] <stormmore> filed
[21:18] <lazyPower> Thanks stormmore
[21:24] <stormmore> I am debating whether I should also file one for the fact that switching to a non-"admin" user doesn't seem to use the default credential too
[21:38] <rick_h> stormmore: there's an existing bug around that being an option
[21:38] <rick_h> stormmore: typically a different user doesn't mean the admin wants to be on the hook for expenses
[21:38] <rick_h> stormmore: but there are cases where that's legit.
[21:39] <stormmore> rick_h: i get that but the non-"admin" user account I created was given the same level of access - superuser - so my assumption is that it should work the same way as the "admin" user account
[21:40] <rick_h> stormmore: I'm not sure I agree there. Trusting someone with your running bits is different than your credit card
[21:40] <rick_h> stormmore: but I understand. As I said, there's an existing bug for the admin to make that an option
[21:40] <jrwren> uiteam: for review, a util I just ran on jujugui.org https://github.com/juju/charmstore/pull/704
[21:41] <stormmore> rick_h I agree, however I am kinda modeling it after the Linux security model of no one logging in as root, so maybe a juju sudo type command would be a good option
[21:43] <rick_h> stormmore: hmm, I tend to look at Juju more like a database server or the like.
[21:43] <rick_h> stormmore: I may trust you to help add databases/etc but am not going to give you root on the machine so you can do other things with it
[21:46] <stormmore> rick_h ah that kinda makes sense but the problem I am having is creating the "db" (model)
[21:46] <stormmore> rick_h seems odd that I can set a default credential for the user but still have to provide that credential using --credential when I am running commands like add-model
[21:47] <rick_h> stormmore: oh I'm +1 on making it better for the users there like that. I'm just -1 on auto leveraging the admin's credentials in any way
[21:48] <stormmore> rick_h I am definitely not suggesting sharing credentials across accounts just if you set add and set a default credential in any account it should behave the same way
[21:59] <stormmore> now I am having problems adding ssh keys :-/
[22:00] <stormmore> keeps giving me invalid key!
[22:04] <stormmore> oh you hcae to cat out the key instead of it reading the file.
[22:04] <stormmore> have*
=== mskalka is now known as mskalka|afk
[22:19] <Teranet> ok everyone I do have a little issue ........  how do you grab in JUJU a trunk interface and get those multpile VLAN's mapped into charms proper ? Any docu or help is welcome thank you
[22:47] <marcoceppi_> Teranet: it sounds like you want extra-bindings
[23:01] <Teranet> sorta yes
[23:02] <Teranet> so far I had eth0 also bridged but now I want to add eth1 as an additional bridge and with VLAN's
=== thumper-busy is now known as thumper