[07:03] <Ankammarao> Hello Juju World!!!!!
[07:03] <Ankammarao> i want to know , is there any command or process to remove or hide the old charm verions in the charm store
[08:08] <kjackal> Good morning Juju world!
[08:08] <kjackal> Ankammarao: I believe you can move the charm you have to an "non searchable" channel
[08:39] <Ankammarao> kjackal, how do i move , is there any command or process
=== frankban|afk is now known as frankban
[09:10] <kjackal> Ankammarao: you could try charm grant to remove access of a revision on a channel
[09:17] <Ankammarao> kjackal, i have tried with the grant command by giving access to only one user , but other users alos able to see now
[09:21] <kjackal> Ankammarao: Reading the help of charm grant it seems you need to use the --set flag to overwrite any already existing acls
[09:21] <kjackal> like so: charm grant ~johndoe/wordpress --acl write --set fred,bob
[09:22] <kjackal> Ankammarao: There is also the "charm revoke" you can try
[09:23] <nobuto> hi, can somebody review this pull request of apache-php layer? https://github.com/juju-solutions/layer-apache-php/pull/4
[09:23] <kjackal> Ankammarao: you can do a "charm revoke --help"
[09:52] <anita_> Hi I want to revoke the grant for one charm for specific versions only
[09:53] <anita_> when I tried with charm revoke, revoking happening charm wise
[09:53] <anita_> not version wise
[10:01] <Ankammarao> kjackal , i have tried with the revoke command , its removing or hiding complete charm , but here we want to hide only the older verions not entire charm
[10:09] <kjackal> Ankammarao: so revoke will not work if you pass in the revision like this: "charm revoke ~johndoe/wordpress-4"  ?
[10:11] <kjackal> Ankammarao: Then i think charm grant with the --set on the revision is the only option you have
[10:11] <kjackal> Ankammarao: like so: charm grant ~johndoe/wordpress-4 --channel edge --acl write --set fred,bob
[10:15] <Ankammarao> kjackal, so only fred,bob can see the charm revisions or version
[10:16] <kjackal> Ankammarao: yeap, based on the documentation
=== plars-away is now known as plars
=== perrito667 is now known as perrito666
=== zerick_ is now known as zerick
[15:25] <Hetfield> hi, i'm using LXD local cloud provider for juju
[15:25] <Hetfield> i would like to enable controller HA by enable-ha command on 3 different machines, but always LXD.
[15:26] <Hetfield> i don't know how to tell juju to use a distributed provider like that
[15:26] <Hetfield> while using MAAS, instead, it's easy and working
[15:29] <rick_h> Hetfield: that's not currently supported.
[15:29] <rick_h> Hetfield: for the moment, juju only works on one machine with lxd at a time. There's work that's been talked about for making lxd more like a cloud and juju would be updated to do more what you're looking for
[15:29] <Hetfield> rick_h: oh, good, this means i'm totally dumb :)
[15:30] <rick_h> Hetfield: no, means you're smart for wanting it and we're working on it :)(
[15:30] <Hetfield> rick_h: actually it would just mean to add more endpoints or model it as regions
[15:30] <Hetfield> rick_h: any ETA?
[15:31] <rick_h> Hetfield: now you're thinking. More like availability zones tbh
[15:31] <rick_h> Hetfield: I think the lxd bits are looking to be in 16.04 and then juju would update in the next cycle
[15:32] <Hetfield> rick_h: ok. but nowaways how to get HA for production usage (on premise)? only way is MAAS if i understand good
[15:33] <rick_h> Hetfield: well maas, any public cloud, openstack, etc all support HA on different hardware like that
[15:33] <rick_h> Hetfield: lxd is meant to be a local/one machine so HA on that isn't a thing. It's more the exception to the rule tbh
[15:34] <Hetfield> rick_h: agree
[15:34] <rick_h> Hetfield: maybe look at HA at the application level across different machines running lxd? e.g. if one machine goes boom the others can keep applications going and be brought back up?
[15:34] <Hetfield> rick_h: i meant infra HA. i mean...if machine with juju-controller ( i will deploy openstack-charms) dies, what happens?
[15:35] <rick_h> Hetfield: so you're running openstack on a single machine?
[15:35] <Hetfield> i didn't want to add pacemaker or such cluster tools
[15:35] <Hetfield> so, on several, let's say 10
[15:35] <rick_h> Hetfield: sorry, I think I got confused. So you're going to run openstack then yes, we'd suggest you use maas to get that going
[15:36] <rick_h> Hetfield: if you want to put the controllers in containers you need to manually setup VMs on the machines you want and add them to maas
[15:36] <rick_h> Hetfield: then target those in bootstrap/enbale-ha with the --to/constraints arguments
[15:36] <Hetfield> oh, yes, it was my solution
[15:36] <rick_h> Hetfield: there's not really a suggested production way to do openstack with the lxd provider, more the maas provider and our default tools stick things in lxd containers and spread them across machines for resiliency
[15:36] <Hetfield> but as i'm going to use lxd for openstack components (apart nova...) i wanted to add lxd juju controllers too
[15:37] <rick_h> Hetfield: right, there's the chicken and egg problem there. To get around it you have to have the containers setup and in MAAS that looks like machines
[15:38] <Hetfield> yes right
[15:38] <Hetfield> it's very interesting
[15:38] <Hetfield> rick_h: a sort of: how to compile gcc :)
[15:39] <rick_h> :)
[15:54] <kklimonda> is there documentation on creating local mirror of juju agent (and probably other tools) needed for bootstrap? I have a terrible internet connection where my juju is installed at.
=== balloons26 is now known as balloons
[16:03] <kklimonda> looks like I have sstream-mirror https://streams.canonical.com/juju/tools [...]
[16:04] <kklimonda> but I'd rather avoid downloading 5.5GB with all the releases
[17:13] <Zic> lazyPower: hi, if you have any things that I can beginning to test tomorrow morning without waiting for you (as we don't have so much time where we can talk, both of us, in a day with the local clock time) :)
[17:13] <lazyPower> Zic - i just got a good build of the charm deployed in lxd (1 time)
[17:13] <Zic> dat sync \o/
[17:14] <anita_> Hi, How can I revoke one specific version of a charm?
[17:14] <lazyPower> Zic - by end of day i'll have pinged you with a pr  and a personally published charm revision you can use for testing
[17:14] <anita_> i tried revoke, but it is revoking charm wise
[17:14] <lazyPower> we might push this in the edge channel i need to sync with the team
[17:14] <lazyPower> Zic - however, the end game is we are on the right path to getting this fixed for your use case by end of week
[17:14] <Zic> they don't call me today (I'm out of office), so I expect the cluster worked fine with the singlemaster without me :)
[17:14] <lazyPower> Zic  fantastic :)
[17:14] <lazyPower> thanks for pinging back and keeping up on this
[17:15] <lazyPower> once i've got this in flight in kubes/kubes, i'll need your feedback on the PR and i'll need to rotate to another issue, however this should get yo moving for more testing/feedback of the HA master. There's likely to still be some gremlins in there as this is first-pass stuff
[17:15] <lazyPower> well second-pass actually
[17:15] <lazyPower> but i digress
[17:20] <anita_> Hi, How can I revoke one specific version of a charm? i tried revoke, but it is revoking charm wise, all versions are revoking
[17:22] <lazyPower> anita_ - you can change the published "tip" of that charm stream to a prior revision or the next revision in sequence
[17:22] <lazyPower> anita_ charm release cs:~team/entity-version  --channel=stable   should move the stable revision where you're looking to point it.  same with other channels, just sub in the channel name
[17:22] <anita_> lazyPower_:I didnt get
[17:23] <lazyPower> anita_ - however i think the point is you dont revoke, its a moving "alias" pointing at the revision you want to represent the latest known good revision for that channel
[17:24] <lazyPower> anita_ - as teh charm itself is all tracked linearly in the "Unpublished" stream. you're just pointing to different combinations of the charm version and potentially any resources, when you do the charm release. there' s a diagram for this in the docs under the charm store page in the dev guide
[17:24] <anita_> like I want to grant 6th version where as i want to revoke 4 and 5
[17:25] <lazyPower> anita_ https://jujucharms.com/docs/stable/authors-charm-store#entities-explained
[17:25] <anita_> lazyPower_:Ok let me check
[17:34] <Zic> lazyPower: feel free to PM me in IRC if instructions are too long to put it here :) I will begin test tomorrow at 09:00 UTC, I will have time to do some tests before you wake up and make a recap of what I observed ^^
[17:34] <lazyPower> Zic - sounds good
[17:34] <lazyPower> Zic - i'll put it somewhere thats simple like juju deploy cs:~lazypower/canonical-kubernetes --channel=edge  or somethign similar. the idea is to get it in your hands as fast as possible
[17:34] <lazyPower> so i'll eat that pretext work, and you focus on the usability/feedback cycle
[17:35] <lazyPower> when you're ready we'll fold you in on the buiding from source routine, its a little complex for first time juju developers... a lot of custom tooling in here
[17:35] <Zic> my time is divided at work between CDK/Kube and learning Go this days... so I'm available for intensive tests if you need :)
[17:35] <lazyPower> Zic but if i can get you knowledgeable in our stack, it would be great to add you as a reviewer of the CDK code as it comes up for landing in kubernetes/kubernetes
[17:36] <lazyPower> not that i have ulterior motives here ;)
[17:36] <Zic> I'm interested in it yeah, as I'm planning to write some juju charms in a near future
[17:36] <Zic> (and all knowledge about Juju will be helpful, as one of my teamworker is planning to use Juju for an OpenStack cluster)
[17:38] <anita_> lazyPower_: I want to revoke the read/write permission completely from those versions.
[17:38] <lazyPower> anita_ - there is no revoke, you can change the head pointer
[17:38] <anita_> oh ok
[17:38] <lazyPower> the grant/revoke will sweepingly add permissions to an entire channel
[17:39] <lazyPower> so thats why it appears like you've revoked the entire charm. Thats intended for doing early access isolation to a group of users for testing, eg: edge can only be deployed by dept. a and dept. b
[17:39] <lazyPower> dept c - f will have to wait until it lands in candidate, as its too high risk for those models
[17:39] <anita_> ok
[17:39] <lazyPower> the whole point is risk assessment and subscription, the reason for no revoke is if someone deploys that revision and you revoke it, you've abandoned htem in the release chain
[17:40] <Zic> I don't know if Juju's code is a great place to show "Go in action" for a very-beginner of Golang :> but one of the attribute of Go seems to be "you will be able to read other's code in a week"
[17:41] <Zic> an attribute that, as a C developer, I was never completely able to, after some years of C, depending of the software-stack
[17:41] <Zic> we'll see :D
[17:42] <lazyPower> Zic - well I was also told ruby will eat teh world of software and we see how far that went
[17:44] <Zic> hehe, I'm still confronted to Ruby as we heavily use Puppet here
[17:44] <Zic> and for some hacks that cannot be in Puppet's language, we directly neeed Ruby's code :(
[17:45] <lazyPower> Zic - i'm familiar with the syndrome
[17:45] <lazyPower> thats one of the reasons why we went with reactive and pure python. DSL's are great when you *want* rails, but there's often times where you need to write up a funky little method to do something highly specific and it fits together better like that.
[17:45] <Zic> lazyPower: I was told that JS will be everywhere, as Web Developers "contaminate" (with all my respect to web developers) the system-programming with NodeJS
[17:45] <lazyPower> artisinal coding vs cargo-culting.
[17:46] <Zic> and now, we see Rust, Go and other compiled language, with a strong approach to be system-programming
[17:46] <Zic> so I'm happy :)
[17:46] <lazyPower> Zic - yep, predictions are just that, marketing tools to guide you somewhere, despite the social dynamic and "social climate" being very different indicators of that statement.
[17:46] <Zic> *execept* when I saw that Unity 8, and even GNOME project emphasis JS as the "de facto primary language" :'(
[17:46] <lazyPower> well you never know ;)
[17:46] <Zic> with Unity 8 using pure-QML, and GNOME with GJS
[17:47] <lazyPower> js does make for an awesome wiring language to put together UI elements and give them behavior
[17:47] <lazyPower> i'm kind of happy to see ECMASCRIPT getting some love
[17:47] <lazyPower> but thats a very different beast than the devops we're working on
[17:48] <Zic> in my company, most of our customer stills use PHP for backend, some of them used NodeJS
[17:48] <Zic> some of *our* backend are in Go at contrary :)
[17:49] <lazyPower> well with the incoming dockerpocalypse we'll see a lot more using the whole menagerie of backend tech because containers and their nature of disposable infra
[17:49] <lazyPower> for quick POC style testing, and the longer-term applications that make the cut
[17:49] <Zic> when I talk about LXD in our weekly meeting, the immediate question was "And can we run Docker in it ? And in what way it's different from Docker in Docker?"
[17:49] <lazyPower> i woudln't be surprised if you find a stack of python, ruby, nodejs, go, php, and probably even some erlang if you're persnickety
[17:49] <Zic> *sigh*
[17:50] <lazyPower> Zic - we have some material on that which may help
[17:50] <lazyPower> there's an inforgraphic for lxd vs docker
[17:50] <lazyPower> which calls out the strengths of each given context
[17:50] <lazyPower> Zic - something like this is a good way to start teh conversation https://insights.ubuntu.com/2015/09/23/infographic-lxd-machine-containers-from-ubuntu/
[17:51] <Zic> yeah, but I know it will finish in "LXD is replacing our VMs, right, but... *Where can I run my Docker?*"
[17:51] <lazyPower> Zic - the answer is "just about anywhere/everywhere"
[17:51] <lazyPower> we've gone through great lengths to ensure docker works in all those substrates
[17:52] <Zic> the one thing is at least, I will try to replace my local use of KVM/Qemu with LXD containers for my future test
[17:52] <lazyPower> we want docker on ubuntu to just work. I think the only place left as a hold out is bash on windows, and who knows where that API is, i'm not working on the project so its hard to say.... but if i were to guess those system calls will eventually be translated and you'll see something fun in there.... but dont hold me to that, I have no idea if thats on the roadmap, its pure speculation.
[17:52] <lazyPower> Zic  - man ;) I'm using lxd right now to test this HA patch
[17:52] <Zic> :D
[17:52] <lazyPower> the brilliant part of LXD is the capacity to model and test HA deployments locally
[17:53] <lazyPower> you can *even* simulate network partitions
[17:53] <lazyPower> with a simple profile edit on the lxd container
[17:53] <lazyPower> want to see what etcd really does when you pull the plug on 2 units? no problem
[17:53] <lazyPower> snip snp
[17:53] <lazyPower> oh look 2 units died and the one unit is complaining it cant find quorem
[17:53] <lazyPower> welp,  i guess 3 nodes is disaster, better scale to 5
[17:54] <lazyPower> (how i validated the etcd documentation assertions)
[17:54] <Zic> anyway, what push me to do some learning of Go was because Canonical's tools seems to use Go as primary language now (was Python few years back); before I was like "meh, another language... at least it's compiled, fine" :>
[17:54] <lazyPower> lol i nkow you're excited about this
[17:54] <lazyPower> you were all jazzed last week
[17:54] <lazyPower> i'm sorry i dont share your enthusiasm about go :) I'm pretty lazer focused on our k8s roundup these days
[17:54] <Zic> hehe :D
[17:55] <Zic> I'm not a go-enthusiast for now, I'm still learning it as "secondary-class language", like I did with Ruby (was forced to, with Puppet)
[17:55] <Zic> maybe it will become one of my main tooling language at future
[17:55] <Zic> maybe. :)
[17:56] <lazyPower> Zic - the world can only hope for so much awesomeness my friend
[17:56] <Zic> for now, my main language are Bash, Python & C
[17:56] <lazyPower> go forth and conquer
[17:58] <Zic> and I didn't talk about Rust :D as I'm a pro-Firefox, I'm stalking Servo evolution and Rust language too :)
[17:58] <Zic> Rust is not as easy to adopt as Go anyway, but seems to be a great language also
[18:00] <lazyPower> i know the prime author behind it. I used to attend meetups with steve klabnick
[18:00] <lazyPower> he's a pretty smart dude, so i have no doubt rust is the bees knees
[18:01] <Zic> it's one of the reason I love C, it's nearly 45 years now iirc, it resists to the "hype and the dance of programming language"
[18:02] <Zic> I love to saw one of my sandbox program of 1999 still running and that I'm able to edit it easily
[18:02] <Zic> it's not the same when I found an old Java program of myself :p
[18:02] <Zic> (yeah, I did Java... at school... *burp*)
[18:30] <stormmore> howdy juju world!
=== frankban is now known as frankban|afk
[19:15] <lazyPower> o/ stormmore
[19:15] <lazyPower> Zic making the PR now, will ping you with instructions before i move to the next objective
[19:25] <derekcat> Hey everyone, does anyone know where Juju stores ssh known_hosts? It keeps telling me to:  ssh-keygen -f "/tmp/ssh_known_hosts736182584" -R <IP address>  ...Which obviously doesn't work when the /tmp version disappears...
[19:34] <lazyPower> Zic - if you want to tag and follow along - https://github.com/kubernetes/kubernetes/pull/41351
[19:36] <CarlFK> how do I clean up machine 1?   juju status: http://paste.ubuntu.com/23990363/
[19:36] <lazyPower> CarlFK juju remove-machine 1 --force
[19:38] <CarlFK> lazyPower: thanks. one down.  now to figure out why  30 min later cnt5 is still "installing charm software"
[19:40] <CarlFK> never mind.  need for it has evaporated.
[19:41] <lazyPower> Zic - simple instruction is to deploy teh bundle via conjure-up as normal, when you're at the waiting/allocating screen: juju upgrade-charm kubernetes-master --switch cs:~lazypower/kubernetes-master --channel=edge
[19:42] <lazyPower> Zic - that should replace your masters with the patched version for HA and you should be able to start testing from there. it's in the pipeline and ready for testing from my store copy of that charm. The remainder of the bundle was untouched by this change.
[20:08] <marcoceppi> derekcat: I think that's on the controller? rick_h ^?
[20:10] <derekcat> marcoceppi: Do you know where it might be on the controller?  I've tried find / -name known_hosts but nothing is found..
[20:10] <derekcat> *as root
[20:19] <bdx> derekcat: I don't think there should be a known_hosts file by default, should there be?
[20:19] <bdx> juju just adds ssh keys to .ssh/authorized_keys for the ubuntu user to allow access
[20:23] <derekcat> bdx: It's got one somewhere..  From the box that I administer Juju from, I can ssh ubuntu@<IP of machine added to Juju>, but when I try to juju ssh postgresql/14 it comes back with a host identification error: @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
[20:30] <marcoceppi> derekcat: is there one in ~/.local/share/juju/
[20:30] <marcoceppi> ?
[20:33] <derekcat> marcoceppi: jujuadminbox:~/.local/share/juju/ssh only has juju_id_rsa  juju_id_rsa.pub
[20:33] <marcoceppi> derekcat: I've not been able to find this either. It might be worth asking on juju@lists.ubuntu.com
[20:35] <derekcat> marcoceppi: Ahh dang..  I'll give that a shot.  Thank you!
[20:38] <GMR-OB> Anyone in here who knows how to fix a Percona Cluster (JUJU CHARM)  when all nodes are in blocked status ?
[20:41] <lazyPower> GMR-OB - existing deployment or fresh deploy?
[20:41] <GMR-OB> existing Deployment happened after a RAM crash on a single Server
[20:42] <GMR-OB> Box is back up but now Percona Cluster is  saying status blocked on all 3 nodes : juju giu shows all ok
[20:42] <lazyPower> GMR-OB  is this part of an openstack deployment?
=== GMR-OB is now known as teranet
[20:43] <teranet> yes it is sorry had to fix my nicname too LOL
[20:43] <lazyPower> teranet np :) I was going to suggest poking in #openstack-charms, i would suspect that whatever is blocking you has come up in CI before
[20:43] <teranet> ok will do thx
[20:43] <lazyPower> and its likely someone there might have some advice, otherwise i'm happy to take stabs at helping you resolve with generic troubleshooting advice
[20:54] <Zic> lazyPower: ack, I will try this tomorrow :)
[20:54] <lazyPower> Zic - final note is its cs:~lazypower/kubernetes-master-11
[20:55] <lazyPower> if you see it grab a diff revision, somethings wrong and you should specify revision 11 explicitly to the command. but the channels should "just work"
=== scuttle` is now known as scuttlemonkey
[23:50] <stormmore> damn it getting a bad gateway error :-/
[23:54] <lazyPower> stormmore - on cdk?
[23:55] <stormmore> yeah but it is most likely my fault :-/
[23:55] <lazyPower> stormmore - ive had some reports of 502 bad gateways on deployments recently and i haven't been able to reproduce
[23:55] <lazyPower> if you can reproduce it reliably please file a bug, it might be racey
[23:55] <lazyPower> which would explain why i'm not seeing it and others are
[23:57] <stokachu> stormmore, you deploying on aws?
[23:57] <stormmore> I just did a basic ingress controller but I suspect it is cause I got my container to redirect http to https
[23:57] <stormmore> stokachu yeah I am
[23:57] <stokachu> stormmore, what version of juju?
[23:58] <stormmore> juju 2.0.3
[23:59] <stokachu> hmm ok