/srv/irclogs.ubuntu.com/2017/02/14/#juju.txt

stokachu	i see that 502 error sometimes too	00:00
stokachu	hard to reproduce	00:00
stormmore	could it be because I don't have dns setup correct?	00:01
stormmore	yup that was the problem	00:05
stormmore	now I have to figure out why my ingress isn't presenting the right wrong cert	00:51
lazyPower	"the right wrong cert" - so many questions about this statement...	00:54
stormmore	lazyPower well I am expecting an error due to DNS not being setup instead of a CA / self-signed issue	00:57
stormmore	lazyPower do you have an example of a https ingress pulling it's cert from secrets collection to help me see where I went wrong?	01:01
stormmore	for some reason my ingress is pulling a self-signed cert!!	01:02
lazyPower	https://kubernetes.io/docs/user-guide/ingress/	01:02
lazyPower	under the TLS header	01:02
stormmore	yeah that is what I was using :-/	01:03
lazyPower	https://github.com/kubernetes/ingress/blob/master/controllers/nginx/README.md#https	01:03
lazyPower	are you attempting to configure this via configmap?	01:03
lazyPower	just perchance? we have an open PR to impelement that feature, however its author is on vacation	01:03
lazyPower	i may need to piggyback it in	01:03
stormmore	no just did a kubectl create secret tls wildcard --key <key file> --cert <cert file>	01:05
lazyPower	hmm ok	01:05
stormmore	https://gist.github.com/cm-graham/51c866e87934b53daa64afa104a4f6b7 is my YAML	01:07
lazyPower	stormmore - can you confirm the structure of the secret has the keys 'tls.key' and 'tls.crt'?	01:09
stormmore	lazyPower - yeah that is one of things I checked	01:09
lazyPower	honestly iv'e only ever tested this with self signed tls keys	01:10
lazyPower	i'm not sur ei would have noticed a switch in keys	01:10
stormmore	I am still curious as to were it got the cert it is serving it	01:11
lazyPower	let me finish up collecting this deploy's crashdump report and i'll context switch to looking at this stormmore.	01:11
lazyPower	i'm pretty sure the container generates a self signed cert that it will offer up by default	01:11
lazyPower	and you're getting that snakeoil key	01:11
stormmore	yeah that is what I am thinking	01:11
lazyPower	like the ingress rule itself isn't binding to that secret	01:11
lazyPower	so its falling back to default	01:11
stormmore	one way to test that threory... going to go kill a container!	01:11
stormmore	hmmm so the container needs to present that cert first?	01:12
lazyPower	i dont think so	01:12
lazyPower	stormmore ok sorry about that, now i'm waiting for a deploy of k8s core on gce.	01:28
lazyPower	i'll pull this in and try to get a tls ingress workload running	01:28
stormmore	lazyPower no worries, as always I don't wait for anyone :P	01:28
lazyPower	good :)	01:28
lazyPower	if you cant get this resolved i'll happily take a bug	01:28
stormmore	lazyPower I am trying a different namespace to see if it is a namespace overload issue	01:28
stormmore	OK definitely not an namespace issue and even deleting the deployment, service and ingress didn't stop it serving the right wrong cert	01:30
stormmore	and I have confirmed that the container services the right cert if I run it locally	01:34
lazyPower	you mean locally via minikube or via lxd deployment or?	01:34
stormmore	even simpler ... docker run -p...	01:35
lazyPower	ok, i woudl expect there to be different behavior between that and the k8s ingress controller	01:37
lazyPower	it has to proxy tls to teh backend in that scenario + re-encrypt with whatever key its serving from configured in the LB	01:37
stormmore	just rulling out the container 100%	01:38
stormmore	it serves both tls and unsecure traffic at the moment so should be fine for lb/ingress at the moment	01:38
* lazyPower nods		01:39
stormmore	yeah I am running out of ideas on what to try next :-/	01:42
stormmore	well short of destroying the cluster and starting again!	01:46
stormmore	you should only need to setup the deployment, service and ingress right?	02:13
lazyPower	stormmore correct	02:13
stormmore	hmmm sigh :-/ still no serving the cert from the secret vault	02:13
lazyPower	stormmore - this is whats incoming https://github.com/kubernetes/kubernetes/pull/40814/files	02:18
lazyPower	and it has tls passthrough from the action to the reigstry running behind it, but its configured via configmap.	02:19
lazyPower	so this branch is a pre-req to get the functionality but this is our first workload configured with tls that we have encapsulated as an action, which has the manifests	02:20
stormmore	yeah I am monitoring that	02:21
stormmore	I am also thinking nexus3 is potentially a better option for us as it gives us other repository types than docker registeries	02:22
stormmore	also I am only using it at the moment as a test service	02:22
stormmore	going to find an AWS region we aren't using an setup the VPC more appropriately for a cluster	02:23
stormmore	going to head home and see if I can do that	02:23
=== thumper is now known as thumper-afk
Budgie^Smore	lazyPower it's stormmore, do you know of a good guide for spinning up a k8s aws cluster including setting up the VPC appropreiately?	03:29
abhay_	Hi Chris	04:24
abhay_	are you there chris ?	04:27
veebers	abhay_: see pm	04:27
abhay_	ok	04:27
=== frankban\|afk is now known as frankban
kjackal_	Good morning Juju World!	08:55
kklimonda	how do I create bundle with local charms?	09:11
kklimonda	(using juju 2.0.3)	09:11
kklimonda	right now I have a bundle/ directory with bundle.yaml and charms/ inside, and I'm putting local charms into charms/)	09:14
kklimonda	but when I try to use charm: ./charms/ceph-269 I get an error >>path "charms/ceph-269" can not be a relative path<<	09:15
kklimonda	I guess I can workaround by passing an absolute path instead, but that's not what I should be doing	09:28
kjackal_	Hi kklimonda, I am afraid absolute path is the only option at the moment.	09:42
SimonKLB	what is the best practice for exposing isolated charms (i.e. charms co-located in LXD containers) ?	10:22
SimonKLB	right now i manually add iptables rules to port forward since expose doesnt seem to be enough, but perhaps there is a juju-way ?	10:23
magicaltrout	that is the way SimonKLB	10:33
magicaltrout	all expose does is if you have a provider that understands firewalls, to open the port	10:34
magicaltrout	LXD obviously doesn't so expose does nothing	10:34
SimonKLB	magicaltrout: right, do you know if there has been any discussion regarding this before? it would be neat if the expose command did the NAT:ing for us if the targeted application was in an LXD container	10:37
SimonKLB	but perhaps this is not implemented by choice	10:37
magicaltrout	SimonKLB: I've brought it up before, I don't think it ever really got anywhere. You could do this type of thing https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/	10:50
magicaltrout	basically just bridge the virtual adapter through the host adapter and get real ip addresses	10:50
magicaltrout	all depends on how much you can be bothered :)	10:50
SimonKLB	magicaltrout: i wonder how well that's going to work on a public cloud though	10:59
kklimonda	any idea how to debug juju MAAS integration? I can deploy juju controller just fine, but then I can't deploy my bundle - juju status shows all machines in a pending state, and maas logs show no request to create those machines	11:02
magicaltrout	SimonKLB: indeed, it will suck on a public cloud :)	11:04
magicaltrout	i reckon there is probably scope for a juju plugin someone could write to add that functionality though. Something like juju nat <application-name>	11:05
magicaltrout	but i'm not that guy! ;)	11:05
kklimonda	also, are there any chinese mirrors of streams.canonical.com?	11:18
magicaltrout	hey kklimonda i'm not a maas user so I can't offer help but you could also #maas if you're not already there to see if other people are awake	11:40
kklimonda	#juju seems to be more active	11:41
magicaltrout	lol fair enough	11:41
magicaltrout	it will certainly pick up later in the day when more US folks come online	11:41
magicaltrout	kjackal_ might be able to provide some MAAS support, I'm not sure	11:41
ayush	cholcombe: Hey	11:43
ayush	cholcombe: I needed some help regarding the Ceph Dash charm	11:43
ayush	help	11:45
magicaltrout	ayush: you might find people awake on #openstack-charms	11:52
ayush	Thanks. Will check there :)	11:53
anrah	Hi! Can someone help with juju storage and cinder?	11:54
anrah	My deployments are working fine to my private openstack cloud, but I would want to use cinder volumes on my instances for logfiles etc.	11:55
anrah	I have https enabled on my openstack and I use ssl-hostname-verification: false	11:56
anrah	Units get added without problem, but when I want to add storage to instances I get error https://myopenstack.example.com:8776/v2/b3fbae713741428ca81bca384e037540/volumes: x509: certificate signed by unknown authority	11:57
kjackal_	kklimonda: I am not a maas user either, so apart from the usual juju logs I am not aware of any other debuging ...facilities	12:37
kjackal_	anrah: You might have better luck asking at #openstack-charms	12:38
anrah	I'm not deploying openstack :)	12:40
anrah	I'm deploying to OpenStack	12:40
anrah	OpenStack as provider	12:40
kklimonda	kjackal_: so it seems juju is spending some insane amount of time doing... something, most likely network related, before it starts orchestrating MAAS to prepare machines	13:00
cory_fu	stub, tvansteenburgh: ping for charms.reactive sync	13:01
kklimonda	this is a lab somewhere deep in china, and the connection to the outside world is just as bad as I've read about - it looks once juju finishes doing something it starts bringing nodes, one at a time	13:02
magicaltrout	kklimonda: so a few things should happen, MAAS will check to make sure it has the correct images as far as I know, if it doesn't it'll download some new ones, likely Trusty and Xenial	13:03
magicaltrout	then when juju spins up it will start downloading the juju client software and then do apt-get update etc	13:03
kklimonda	for the maas images, I've created a local mirror with sstream-mirror and pointed MAAS to it	13:04
kklimonda	it's definitely possible that juju is trying to download something else	13:06
magicaltrout	yeah it will download the client, then when thats setup any resources it needs for the charms	13:06
kklimonda	can I point it to alternate location?	13:07
magicaltrout	not a clue, clearly you can run an apt mirror somewhere	13:07
magicaltrout	i don't know how you point cloud init somewhere else though	13:07
* magicaltrout taps in kjackal_ or an american at this point		13:08
kklimonda	I don't think it's even getting to apt	13:08
kjackal_	kklimonda: I am not sure either, sorry	13:09
kklimonda	controller is deployed and fine, and machines are in pending state without any visible progress for at least 10 minutes (that's how long it took for juju to spawn first out of three machines)	13:09
magicaltrout	juju status --format yaml might, or might not give you more to go on	13:10
magicaltrout	rick_h loves a bit of MAAS when he gets into the office	13:12
* rick_h looks up and goes "whodawhat?"		13:12
kklimonda	yeah, I'll wait around ;)	13:12
rick_h	kklimonda: what's up? /me reads back	13:13
magicaltrout	he does love MAAS, don't let him tell you otherwise! ;)	13:13
kklimonda	rick_h: I have a MAAS+Juju deployment somewhere in China, and juju add-machine takes ages	13:13
rick_h	I do, my maas https://www.flickr.com/gp/7508761@N03/47B58Y	13:14
kklimonda	my current assumption is that juju, before it even starts machine through MAAS, is trying to download something from the internet	13:14
kklimonda	which is kinda no-go given how bad internet is there	13:15
rick_h	kklimonda: probably pulling tools/etc from our DC perhaps. You might know more looking at the details logs and doing stuff like bootstrap --debug which will be more explicit	13:15
rick_h	kklimonda: hmm, well it shouldn't do anything before the machine starts	13:15
rick_h	kklimonda: it's all setup as scripts to be run when the machine starts	13:15
kklimonda	bootstrap part seems fine	13:16
kklimonda	I've done a sstreams-mirror to get agent/2.0.3/juju-2.0.3-ubuntu-amd64.tgz and later bootstraped it like that: juju bootstrap --to juju-node.maas --debug --metadata-source tools maas --no-gui --show-log	13:17
rick_h	kklimonda: hmm, no add-machine should just be turning on the machine and installing jujud on the machine and register it to the controller	13:17
magicaltrout	kklimonda: if you tell maas just to start a xenial image does it come up?	13:19
kklimonda	I can deploy xenial and trusty just fine through UI and it takes no time at all (other than servers booting up etc.)	13:20
kklimonda	but juju is not even assigning and deploying a machine until it finishes doing... whatever it's doing	13:21
kklimonda	the funny part is, it seems to be working just fine - only with a huge delay (like 15 minutes per machine)	13:21
rick_h	kklimonda: hmm, yea might be worth filing a bug with as many details as you can put down. what versions of maas/juju, how many spaces/subnets are setup, what types of machines they are, etc.	13:23
kklimonda	sigh, it's definitely connecting to streams.canonical.com	13:24
kklimonda	I just tcpdumped traffic	13:24
magicaltrout	i blame canonical for not having a DC in the back of china!	13:24
kklimonda	sigh, there are mirrors for old good apt repositories	13:27
kklimonda	but we're living in a brave new world	13:27
kklimonda	and apparently infrastructure has not yet caught up ;)	13:27
magicaltrout	well you can boot of a stream mirror, I wonder why its not using your config	13:28
magicaltrout	or is it a fall back. I'm unsure of how simple streams work, its like some black art stuff	13:28
kklimonda	this part seems to be rather thinly documented	13:30
ayush	Has anyone used the ceph dashboard chime?	13:32
ayush	charm*	13:32
marcoceppi	ayush: I have, a while ago	13:33
ayush	Did you use it with the ceph chimes? Or can it be setup with a separate ceph cluster?	13:33
marcoceppi	ayush: I used it with the ceph charms	13:34
ayush	Okay.	13:34
ayush	Which version of juju were you using?	13:34
marcoceppi	ayush: ultimately because you need to run additional software on the ceph nodes to actually gather the insights	13:34
marcoceppi	juju 2.0	13:35
ayush	marcoceppi: I ran this. Could you tell me how to get the credentials? "juju config ceph-dash 'repository=deb https://username:password@private-ppa.launchpad.net/canonical-storage/admin-ceph/ubuntu xenial main'"	13:38
marcoceppi	ayush: you'd have to chat with cholcombe or icey on that	13:39
ayush	marcoceppi: Thanks :)	13:41
kjackal_	cory_fu: I would like your help on the badge status PR. Let me know when you have 5 minutes to spare	13:44
cory_fu	kjackal_: Ok, just finishing up another meeting. Give me a couple of min	13:58
Zic	hi here	14:08
Zic	lazyPower: are you around?	14:08
Zic	I have some problem with conjure-up canonical-kubernetes, two LXD machines for kubernetes-worker are staying in "pending"	14:09
Zic	(and the charm associated are blocked in "waiting for machine" so)	14:09
stokachu	Zic, yea im working to fix that now	14:09
Zic	ah :}	14:09
cory_fu	stub, tvansteenburgh: Thanks for the charmhelpers fix. We once again have passing Travis in charms.reactive. :)	14:09
stub	\o/	14:10
Zic	stokachu: do you have a manual workaround?	14:10
Zic	http://paste.ubuntu.com/23995096/	14:18
cory_fu	kjackal_: Ok, I'm in dbd	14:21
kjackal_	cory_fu: going there now	14:22
cholcombe	ayush, you have to be given access to that PPA	14:35
cholcombe	ayush, seems you and icey have been in contact. i'll move this discussion over to #openstack-charms	14:36
=== med_` is now known as medberry
=== medberry is now known as med_
stokachu	Zic, is this the snap version?	15:09
Zic	stokachu: nope, but I think it was because I forgot to 'apt update' after the add-apt-repository for the conjure-up's PPA :)	15:15
Zic	(I got the older version of conjure-up, with the new one from PPA it seems to be OK)	15:16
Zic	lazyPower: are you awake? :)	15:33
kklimonda	is there a juju way for handling NTP?	15:38
lazyPower	kklimonda - juju deploy ntp	15:43
lazyPower	Zic - heyo	15:43
kklimonda	will it just deploy itself on each and every machine and keep track of new machines I add?	15:44
Zic	lazyPower: my conjure-up deployed stale at "Waiting to retry KubeDNS deployment" at one of the 3 masters, don't know if it's normal: http://paste.ubuntu.com/23995418/	15:46
kklimonda	ah, I see	15:46
Zic	the first deploy, I had a too many open files, I increased the fs.file-max via sysctl and do a second deployment :)	15:46
kklimonda	I can create a relationship for other units that need ntp	15:47
kklimonda	cool	15:47
Zic	now it's just this silly "waiting" which block	15:47
lazyPower	Zic - i saw that when i was testing before the adontactic was updated	15:47
lazyPower	*addonTactic	15:47
Zic	lazyPower: I don't know what can I do to unblock it, it's in this state from 30 minutes	15:49
lazyPower	Zic - did you swap with the cs:~lazypower/kubernetes-master-11 charm?	15:50
Zic	yep	15:51
Zic	lazyPower: I saw the step "Waiting for crypto master key" (I think it's the one you added)	15:54
lazyPower	Zic -yeah, thats correct	15:54
Zic	but I have on of this kubernetes-master instances which stay in waiting about KubeDNS :/	15:54
lazyPower	Zic - give me 1 moment i'm on a hangout helping debug a private registry probem	15:54
lazyPower	i think i might have botched the build with teh wrong template	15:55
lazyPower	i'll need to triple check	15:55
Zic	:D	15:55
Zic	lazyPower: just for info, I used the "juju upgrade-charm kubernetes-master --switch cs:~lazypower/kubernetes-master --channel=edge" command	15:56
Zic	(I didn't see your update with cs:~lazypower/kubernetes-master the first time :D)	15:56
Zic	(I didn't see your update with cs:~lazypower/kubernetes-master-11 the first time :D)	15:56
Zic	but the return displayed with the --channel=edge was actually cs:~lazypower/kubernetes-master-11 so it seems OK	15:57
lazyPower	Zic - running another build now, give me a sec to buid and re-test	16:04
Zic	np :)	16:05
Zic	FYI, my mth-k8stest-01 VM is about 8vCPU of 2GHz, 16GB of RAM and 50GB of disk (I saw that CPU and RAM was heavily used in my first attempt with 4vCPU/8GB of RAM)	16:06
lazyPower	Zic - so far still waiting on kube-addons	16:22
lazyPower	churning slowly on lxd but churning all the same	16:22
lazyPower	(i have an underpowered vm running this deployment)	16:22
Zic	lazyPower: yeah, it stale long in "Waiting for kube-system pods to deploy" (something like that) but this step pass OK	16:25
lazyPower	Zic - if it doesnt pass by the first/secoond update-status message cycle its broken	16:25
lazyPower	Zic - dollars to donuts its failing on the template's configmap	16:25
lazyPower	Zic - kubectl get po --all-namespaces && kubectl describe po kube-dns-blahblah	16:26
lazyPower	shoudl say something about error in manifest if its what i think it is	16:26
Zic	yeah, I tried that, it's in Running	16:26
lazyPower	plot thickens...	16:26
lazyPower	mine turned up green	16:26
lazyPower	wwaiting on 1 more master	16:26
Zic	yep	16:26
Zic	was long on the 2 others, but it finally came to green	16:27
Zic	but one master is still waiting in kubernetes-master/1 waiting idle 8 10.41.251.165 6443/tcp Waiting to retry KubeDNS deployment	16:27
Zic	oops, missed copy/paste	16:27
lazyPower	Zic - but hte pod is there and green?	16:27
Zic	yep	16:27
Zic	don't know what it's waiting though :D	16:27
lazyPower	likely a messaging status bug	16:29
lazyPower	if the pod is up	16:29
lazyPower	actually Zic	16:29
lazyPower	restart that vm	16:30
lazyPower	test the resiliency of the crypto key	16:30
lazyPower	nothing like an opportunity to skip a step :)	16:30
Zic	oki	16:31
lazyPower	Zic https://www.evernote.com/l/AX7J_eiKOdNF94_eSoBqGZ3fjz-ZA8qQzAkB/image.png	16:36
lazyPower	confirmation that its working for me locally. if you see different results, i'm highly interested in what was different	16:36
lazyPower	Zic - and to be clear, i did the switch before the deployment completed	16:36
lazyPower	i do need to add one final bit of logic ot the charms to update any existing deployments	16:37
lazyPower	its not wiping the auth.setup state which it should be on upgrade-charm.	16:37
Zic	lazyPower: yep, I do the --switch ~5s after conjure-up printed me to press Q to quit :)	16:38
Zic	(as you said I need to switch when juju status print "allocating")	16:38
lazyPower	yeah :) thats just to intercept before deployment and start with -11	16:39
lazyPower	not test an upgrade path	16:39
lazyPower	this was only tested as a fresh deploy, so the upgrade steps still need to be fleshed out but it should be a simple state sniff and change	16:39
Zic	for now, it's stale at : kubernetes-master/1 waiting idle 8 10.41.251.165 6443/tcp Waiting for kube-system pods to start	16:39
Zic	(after the reboot of the LXD machine)	16:39
lazyPower	:\ boo	16:40
lazyPower	ok, can i trouble you for 1 more fresh deploy?	16:40
Zic	all kube-system pods are Running...	16:40
Zic	yep	16:40
lazyPower	thanks Zic - sorry, not sure what happened there	16:40
Zic	I'm here for ~1 hour more :p	16:40
lazyPower	however did your crypto-key validation work?	16:40
lazyPower	were you able ot verify all units had the same security key	16:40
Zic	I don't test it as I thought this KubeDNS waiting error blocks the final steps of installation	16:41
Zic	oh	16:41
lazyPower	if the kubedns pod is running	16:41
Zic	it switch to active o/	16:42
Zic	just now	16:42
lazyPower	did it?	16:42
Zic	yep	16:42
lazyPower	fantastic, it was indeed a status messaging bug	16:42
lazyPower	looks like perhaps the fetch might have returned > 0	16:42
lazyPower	not certain, but thats why the message says that, is its waiting for convergence of the dns container	16:42
Zic	yeah, I just rebooted the LXD machine with this status message blocked	16:43
Zic	take ~4minutes to switch to active/idle/green	16:43
lazyPower	update-status runs every 5 minutes	16:44
lazyPower	so that seems about right	16:44
Zic	ok	16:44
Zic	as "reboot" of LXD machine is too fast, I don't know if it's a good test for resilience	16:44
Zic	if I poweroff instead, and wait about 5 minutes	16:44
Zic	I need to find how to re-poweron an LXD machine :D	16:44
Zic	it's my first-time-use of LXD :p	16:45
lazyPower	Zic - lxc stop container-id	16:45
lazyPower	lxc start container-id	16:45
lazyPower	lxc list shows all of them	16:45
lazyPower	Zic - did you snap install or apt install?	16:45
lazyPower	just curious :)	16:45
Zic	apt	16:45
Zic	I just followed the homepage quickstart :)	16:46
Zic	(as it was updated with conjure-up instruction and add-apt-repository)	16:46
lazyPower	ok	16:46
lazyPower	:) I'm running a full snap setup and its working beatifully	16:46
lazyPower	not sure if you want to dip your toes in the snap space but its a potential for you	16:46
Zic	this mth-k8stest-01 VM will stay for test I think	16:46
lazyPower	as the snaps seem to move pretty quickly, and they auto-update	16:46
Zic	so I can test snaps in it :)	16:46
lazyPower	nice	16:47
lazyPower	just make sure you purge your apt-packages related to juju before you go the snap route	16:47
bdx	lazyPower: giving CDK another deploy in a few minutes, trying to get the exact steps documented to get deis running post CDK deploy	16:49
Zic	for the test VM I can go through snap, for the real cluster, I have right to reinstall it a last time tomorrow morning :x	16:49
Zic	so I'm not decided if I can use your edge patch directly to production	16:49
Zic	or if I should wait that it go to master	16:49
lazyPower	Zic - wait until its released with the charms	16:50
Zic	(master branch)	16:50
lazyPower	Zic - there's additional testing, this was just early validation	16:50
lazyPower	Zic - as well as teh upgrade path needs to be coded (remember this is fresh deploy test vs an upgrade test)	16:50
Zic	yeah, but as always, deadlines ruins my world: the last time I can reinstall the cluster is tomorrow morning, so I think I will just install the old (released) version with the bug with a singlemaster	16:52
Zic	and when your upgrade will go to release, I will add two more master	16:52
Zic	do you think it's the right path?	16:52
Zic	or it's better to deploy directly with 3 masters on the old release, and poweroff two masters waiting your patch going prod?	16:53
=== Anita is now known as Guest91022
Zic	(it's just for the real cluster, I can do every tests I need/want on other VMs :))	17:00
Guest91022	Hi This is regarding revoking few revisions of a charm. the revisions need to be revoked, first released to different channel and then tried to revoke those revisions. But revoking is happening revision wise.	17:01
Guest91022	Sorry revoking is not happening revisions wise	17:02
Guest91022	grant/revoke is happening for all revisions of the charm.	17:02
Guest91022	please advice	17:02
Zic	lazyPower: for the master part it seems ok for now	17:34
Zic	lazyPower: but for the worker part, if I reboot one of the worker, the ingress-controller on it pass to "Unknown" and try to respawn on another node... and stay in Pending	17:35
Zic	don't know if it's the normal behaviour with ingress-controller pod	17:35
Zic	5m 20s 22 {default-scheduler } Warning FailedScheduling pod (nginx-ingress-controller-3phbl) failed to fit in any node	17:36
Zic	fit failure summary on nodes : PodFitsHostPorts (2)	17:36
Zic	oh, as Ingress Controller listen on 80 it's logic that I got this error	17:40
lazyPower	:()	17:51
lazyPower	Zic - interesting	17:51
lazyPower	so its trying ot migrtate an ingress controller to a unit thats already hosting one to satisfy the replica count	17:52
Zic	yep	17:52
lazyPower	it has requested an impossible scenario :P	17:52
lazyPower	i love it	17:52
Zic	but as it already have an Ingress which listen on *:80... it raise a PodFitsHostsPorts	17:52
lazyPower	yet another reason to do worker pooling	17:52
lazyPower	and have an ingress tier	17:52
Zic	does StatefulSet have a kind of "max one pod of this type per node"?	17:53
Zic	it's maybe one of possible solution :)	17:53
lazyPower	we would need to investigate teh upstream addons and see if they woudl be keen on accepting that	17:53
lazyPower	we dont modify any of the addon templates in order to keep that "vanilla kubernetes" label	17:54
lazyPower	i think we do one thing, which is sniff arch	17:54
lazyPower	but otherwise, its untained by any changes	17:54
Zic	it's not a crash issue so, I'm kinda happy with it anyway :D	17:54
lazyPower	sounds like its testing positively then?	17:54
lazyPower	aside from that one oddball status message issue	17:54
Zic	yep	17:54
lazyPower	fantastic	17:55
lazyPower	i'll get the upgrade steps included shortly and get this prepped for the next cut of the charms	17:55
lazyPower	thanks for validating Zic	17:55
bdx	lazyPower: http://paste.ubuntu.com/23996226/	18:13
lazyPower	bdx - in a vip meeting, let me circle back to you afterwords	18:13
lazyPower	~ 40 minutes	18:14
bdx	k, np	18:14
lazyPower	<3 ty for being patient	18:14
=== mwenning is now known as mwenning-lunch-r
cory_fu	kjackal_: I know it's late and you should be EOD, but were you +1 to merging https://github.com/juju-solutions/layer-cwr/pull/71 with my fix from earlier?	18:44
kjackal_	cory_fu: I did not have asuccessful run but went through the code and it was fine	18:45
kjackal_	cory_fu: So yes, merge it!	18:45
cory_fu	heh	18:45
cory_fu	kwmonroe: You want to give it a poke?	18:45
cory_fu	I ask because I'm trying to resolve the merge conflicts in my containerization branch and would like to get that resolved at the same time	18:46
=== frankban is now known as frankban\|afk
cory_fu	kjackal_: Also, one last thing. Who was you said possibly had a fix for https://travis-ci.org/juju-solutions/layer-cwr/builds/201538658 ?	18:47
cory_fu	*Who was it you said	18:47
kjackal_	it was balloons!	18:47
cory_fu	balloons: Help! :)	18:47
kwmonroe	yup cory_fu, do you have cwr charm released in the store?	18:48
kjackal_	cory_fu: balloons: it is about releasing libcharmstore	18:48
cory_fu	kwmonroe: What do you mean? That PR branch?	18:50
balloons	ohh, what did I do? :-)	18:50
rick_h	kjackal_: libcharmstore? https://github.com/juju/theblues ?	18:50
kwmonroe	yeah cory_fu. is it built/pushed/released somewhere, or do i need to do that?	18:50
cory_fu	balloons: kjackal_ says you might know how to fix our travis failure due to charm-tools failing to install	18:50
kwmonroe	or cory_fu, do just want me to pause for 5 minutes, pretend like i read the code, and merge it?	18:50
kjackal_	rick_h: cory_fu: balloons: its about this: https://github.com/juju/charm-tools/issues/303	18:51
cory_fu	rick_h: libcharmstore seems to be just a wrapper around theblues at this point. Not sure what it provides extra that charm-tools needs	18:51
rick_h	cory_fu: ah ok cool	18:51
cory_fu	kwmonroe: I can push that branch to the store, but I thought we didn't update the store until it was merged. I'll push it to edge, tho	18:52
kwmonroe	cory_fu: i would be most thankful for an edge rev	18:53
balloons	use a snap? AFAICT, charm-tools wasn't built for trusty at any point.	18:53
balloons	you could also migrate to xenial I guess	18:54
bdx	where can I find documentation on bundles vs. charmstore, e.g. how do I push a bundle to the charmstore?	18:54
rick_h	bdx: bundles should act just like charms.	18:54
rick_h	bdx: they're both just zips that get pushed and released and such	18:54
cory_fu	balloons: Travis doesn't offer xenial, AFAICT	18:55
rick_h	bdx: you just have the directory for the readme/yaml file	18:55
bdx	rick_h: http://paste.ubuntu.com/23996456/	18:55
balloons	cory_fu, building charm-tools for trusty and publishing it seems the most straightforward	18:57
bdx	rick_h: looks like it needed a README.md	18:57
rick_h	bdx: otp, will have to look. must be something that's not made it think it's a bundle	18:57
rick_h	bdx: ah ok	18:57
rick_h	bdx: crappy error message there for just that :/	18:57
bdx	rick_h: yeah, I'll file a bug there for clarity	18:58
bdx	thanks	18:58
rick_h	bdx: ty	18:58
cory_fu	balloons, marcoceppi: I thought charm-tools was already available for trusty?	18:58
cory_fu	balloons: I also can't find the snap for charm-tools	18:58
marcoceppi	snap install charm	18:58
marcoceppi	there's a broken dep for trusty	18:59
cory_fu	marcoceppi: Yeah, I don't understand why the dep broke. Also, will snaps even work inside Travis?	18:59
marcoceppi	probably?	19:00
cory_fu	kwmonroe: Ok, cs:~juju-solutions/cwr-46 is released to edge	19:04
kwmonroe	gracias cory_fu	19:05
cory_fu	kwmonroe: You probably want the bundle, too	19:05
kwmonroe	nah	19:05
kwmonroe	cory_fu: bundle grabs the latest	19:05
kwmonroe	oh, der.. probably latest stable. anyway, no biggie, i can wedge 46 into where it needs to go	19:05
cory_fu	kwmonroe: I can release an edge bundle	19:06
kwmonroe	too late cory_fu, i just deployed what i needed	19:06
cory_fu	:)	19:06
bdx	rick_h: so I was able to get my `charm push` command to succeed, now my bundle shows in the store https://imgur.com/a/w4sYr, but when I select "View", I see this -> https://imgur.com/a/udu1s	19:09
rick_h	bdx: what's the ACL on that?	19:10
rick_h	bdx: hmm ok so that seems like it should work out.	19:13
bdx	rick_h: unpublished, write for members of ~creativedrive	19:13
bdx	I could try opening it up to everyone and see if it make a difference	19:14
bdx	I was able to deploy it from the cli ...	19:14
rick_h	bdx: well you should be allowed to look at it like that w/o opening it up	19:14
rick_h	bdx: right, you're logged in, first question would be a logout/login	19:14
cory_fu	balloons: Is there a ppa for current stable snap? Getting this: ZOE ERROR (from /usr/lib/snap/snap): zoeParseOptions: unknown option (--classic)	19:16
cory_fu	balloons: Also of note, our .travis.yml requests xenial but still gets trusty	19:17
bdx	rick_h: yeah .. login/logout did not fix	19:17
rick_h	bdx: k, that sounds like a bug, the output of the ACL from the charm command would be good and I'll try to find a sec to sedtup a bundle and walk through it myself	19:18
catbus1	Hi, I used conjure-up to deploy openstack with novakvm on a maas cluster. after it's up and running, I try to ssh to the instance via external port, but I can't. I am checking the switch configurations now (to make sure there is no vlan separating the traffic), but wanted to check here to see if there is any known issue here. I added the external port on maas/conjure-up node to the conjureup0 bridge via brctl.	19:18
catbus1	I did specify the external port on the neutron-gateway.	19:19
bdx	rick_h: sweet. thx	19:19
balloons	cory_fu, ppa for a stable snap?	19:36
balloons	that's a confusing statement	19:36
balloons	cory_fu, yea, travis might keep you stuck. But again, fix the depends for trusty or ...	19:37
bdx	can storage be specified via bundle?	19:41
cory_fu	balloons: PPA to get the latest stable snapd on trusty. Version that installs doens't support --classic	19:43
balloons	cory_fu, heh. Even edge ppa doesn't supply for trusty; https://launchpad.net/~snappy-dev/+archive/ubuntu/edge	19:44
balloons	cory_fu, but are you sure it doesn't work? I know I've used classic snaps on trusty	19:45
balloons	you probably just need to use backports	19:45
cory_fu	balloons: backports. That sounds promising.	19:46
balloons	cory_fu, actually, no.. http://packages.ubuntu.com/trusty-updates/devel/snapd	19:46
balloons	that should work	19:46
cory_fu	balloons: How do I tell it to use trusty-updates?	19:47
cory_fu	Ah, -t	19:48
cory_fu	Have to run an errand. Hopefully that will work	19:49
cory_fu	balloons: That didn't work. :( https://travis-ci.org/juju-solutions/layer-cwr/builds/201634553	19:50
cory_fu	Anyway, got to run.	19:50
cory_fu	bbiab	19:50
bdx	lazyPower: just documenting the next phase of the issue http://paste.ubuntu.com/23996697/	19:55
lazyPower	bdx - self signed cert issue at first glance	19:57
lazyPower	just got back from meetings / finishing lunch	19:57
marcoceppi	cory_fu: I'll have a dep fix tomorrow	19:57
bdx	lazyPower: yea, entirely, just not sure how deis it is ever expected to work if we can't specify our own key/cert :-(	19:57
magicaltrout	lunch is banned until stuff works!	19:58
lazyPower	bdx - spinning up a cluster now	19:58
lazyPower	give me 10 to run the deploy and i'll run down the gsg of deis workflow, see if i can identify the weakness here	19:58
lazyPower	bdx - i imagine this can be resolved by pulling in teh CA from k8s and adding it to your chain, which is not uncommon for self signed ssl activities	19:59
=== thumper-afk is now known as thumper
bdx	lazyPower: oooh, I hadn't thought of that	20:03
lazyPower	rick_h - do you happen to know if storage made it into the bundle spec?	20:12
lazyPower	or is that strictly a pool/post-deployment supported op	20:13
kwmonroe	cory_fu: you badge real good: http://juju.does-it.net:5001/charm_openjdk_in_cs__kwmonroe_bundle_java_devenv/build-badge.svg	20:14
rick_h	lazyPower: yes https://github.com/juju/charm/blob/v6-unstable/bundledata.go check storage	20:15
lazyPower	aha fantastic	20:16
rick_h	lazyPower: it can't create.pools but can use them I believe via constraints and such	20:16
bdx	rick_h: awesome thanks	20:16
bdx	rick_h: any docs around that?	20:16
=== menn0 is now known as menn0-busy
rick_h	bdx: I think it's under documented.	20:17
rick_h	bdx: sorry, in line at the kid's school ATM so phoning it in (to IRC)	20:17
lazyPower	i'm filing a bug for this atm rick_h - i gotchoo	20:17
lazyPower	bdx - nope sadly we're behind on that one. However https://github.com/juju/docs/issues/1655 is being edited and will yield more data as we get it	20:18
bdx	lazyPower: awesome, thx	20:19
lutostag	blackboxsw: fginther: we should totally set up a call for figuring out best path to merge https://github.com/juju/autopilot-log-collector & https://github.com/juju/juju-crashdump -- talking use-cases and merging	20:22
blackboxsw	lutostag, seems like log-collector might be a potential consumer/customer of crashdump as it tries to pull juju logs and other system logs together into a single tarfile	20:25
blackboxsw	ahh extra_dir might be what we need there	20:25
lutostag	blackboxsw: yeah, I was curious about your inner-model stuff in particular to make sure we could do that for you too	20:26
stormmore	hey lazyPower I am still trying to understand ingress controllers... is there a way of load balancing floating IPs using them?	20:27
lutostag	blackboxsw: and your use of ps_mem as well (the motivation behind that and what it gives you)	20:27
fginther	lutostag, it is a bit tuned to our CI log analysis, but would not be impossible to merge things	20:28
lutostag	fginther: yeah, OIL has a similar log analysis bit I'm sure, and merging heads seems like a good idea -- get everybody on one crash-collection format, then standardize analysis tools on top of it	20:29
lazyPower	stormmore - actually yes, you can create ingress routes that point at things that aren't even in your cluster	20:29
lazyPower	stormmore - but it sounds more like you're looking specifically towards floating ip management?	20:29
stormmore	lazyPower - just trying to efficiently utilize my public IP space while providing the same functionality of using the service type loadBalancer gives in AWS	20:30
lazyPower	stormmore - so in CDK today - every worker node acts as an ingress point. Every single worker is effectively an ELB style router	20:31
fginther	lutostag, yeah, no objections to going that route. Would hopefully make things easier in the future	20:31
lazyPower	stormmore - you use ingress to slice that load balancer up and serve up the containers on proper domains. I would think any floating IP assignment you're looking to utilize there would probably be best served at being pointed directly at the units you're looking to make your ingress tier (this will tie in nicely to future work with support for worker pooling via annotations, but more on this later)	20:32
lutostag	fginther: since we already have 2 ci-teams doing it, we should smash em together so that other's don't have to re-invent, wish I had reached out to you guys earlier tbh :/	20:32
stormmore	lazyPower yeah I saw that, I am more looking at providing service IP / VIPs instead	20:32
lazyPower	ok for doing virtual ips, i'll need to do some reading	20:32
lazyPower	stormmore - i've only tested nodport for that level of integration, there's more to be done there for VIP support i'm pretty sure	20:32
stormmore	lazyPower the problem with using the node's IP is what happens to the IP if the node goes down	20:33
lazyPower	right and that varies on DC	20:33
lazyPower	it could stay the same, could get reassigned	20:33
stormmore	exactly... my idea right now, is figure out how to run keepalived in the environment on one of the interfaces	20:34
lazyPower	stormmore - the thing is, when you declare a service in k8s you're getting a VIP	20:34
lazyPower	but its not one that would be routable outside of the cluster	20:34
lazyPower	https://kubernetes.io/docs/user-guide/services/#ips-and-vips	20:35
stormmore	have keepalived as a DaemonSet and then be able to assign an IP to the internal service IP	20:35
lazyPower	ok, that sounds reasonable	20:35
stormmore	seems the logical way of separating out the actual used IPs from the infrastructure 100%	20:37
lazyPower	yeah i see what you mean. i was looking at this	20:37
lazyPower	https://kubernetes.io/docs/tutorials/stateless-application/expose-external-ip-address/	20:37
lazyPower	i presume this is more along the lines of what you were looking for, with --type=loadbalancer	20:37
lazyPower	where its just requesting an haproxy from the cloud at great expense, to act as an ingress point to the cluster VIP of that service	20:37
stormmore	yeah I have been looking at that from an AWS standpoint and allows kubernetes to setup the ELB	20:41
lutostag	fginther: I'll spend a little time, making juju-crashdump more library-like, and import able, then maybe I'll setup a call for early next week to discuss what you guys need in terms of output format to minimize disruption to your analysis if that's ok	20:42
fginther	lutostag, a call next week would be fine... But please note that some of the content of autopilot-log-collector is no longer needed	20:43
fginther	all of the juju 1 content can be removed	20:43
fginther	lutostag, I wouldn't want you to implement a lot of changes for the sake of autopilot-log-collector and have them not be used	20:44
cory_fu	balloons, marcoceppi: It turns out I was installing "snap" when I should have been installing "snapd". Unfortunately, it seems that snaps do not in fact work in Travis: https://travis-ci.org/juju-solutions/layer-cwr/builds/201647356	20:46
balloons	cory_fu, ahh, whoops	20:47
balloons	it's possible to ignore that, but not with our package	20:47
lutostag	fginther: ok, sure, we'll make a list!	20:47
cory_fu	balloons: What do you mean, "not with our package"?	20:57
balloons	cory_fu, snapd can be built with selinux / apparmor or perhaps no security model. not sure. But the ubuntu package absolutely wants app armor	20:58
lazyPower	kwmonroe - what bundle is that svg from?	20:58
lazyPower	charm_openjdk_in_cs__kwmonroe_bundle_java_devenv <-- kinda tells me but kinda doesnt	20:58
cory_fu	lazyPower: The bundle would be cs:~kwmonroe/bundle/java-devenv	20:59
lazyPower	oh i guess its this https://jujucharms.com/u/kwmonroe/java-devenv/	20:59
lazyPower	ninja'd	20:59
lazyPower	watching matt deploy some ci goodness	20:59
kwmonroe	well if matt can do it, we're in great shape.	21:00
lazyPower	bdx - just got deis up and running, stepping into where you found problems i think	21:07
lazyPower	"register a user and deploy an app" right?	21:07
cholcombe	so i finally got around trying lxd on my localhost. My lxc containers are started with juju and they seem to be stuck in 'allocating'. I'm not sure why	21:12
lazyPower	bdx - can you confirm your deis router is currently pending and not started?	21:15
lazyPower	bdx - looks like a collision between the ingress controller we're launching and the deis router.	21:15
lutostag	cholcombe: if you do a lxc list, do you see any "juju" machines there?	21:19
cholcombe	lutostag: yeah they're def running	21:19
cholcombe	i deployed 3 machines and i see 4 lxc containers with juju- in the name	21:19
lazyPower	bdx yeah i was able to get the router scheduled by disabling ingress, we made some assumptions there that would prevent deis from deploying cleanly, both are attempting to bind to host port 80	21:20
lutostag	cholcombe: I would try lxc exec <juju-...> bash # and then run top in there and see where it is stuck	21:20
cholcombe	lutostag: ok	21:20
lutostag	cholcombe: at one point there was an issue with things not apt-upgrading appropriately and getting stuck there indefinitely	21:20
cholcombe	lutostag: ahh interesting	21:21
cholcombe	lutostag: i don't see much going on. let me check another one	21:21
lutostag	but that was months ago, still going in and poking is the best way to find it	21:22
cholcombe	looks like everything is snoozing	21:22
lutostag	cholcombe: hmm, if they are all still allocating, mind pasting one of the containers "ps aux" to paste.ubuntu.com	21:31
cholcombe	lutostag: sure one sec	21:31
lutostag	if no luck there, we'll have to see what the juju controller says...	21:31
lazyPower	bdx - i see the error between your approach and what its actually doing	21:37
lazyPower	bdx - you dont contact the kube apiserver for this, its attempting to request a service of type loadbalancer to proxy into the cluster and give you all that deis joy	21:38
cholcombe	lutostag: http://paste.ubuntu.com/23997274/	21:38
lazyPower	bdx - i'd need to pull in the helm charts and give it a bit more of a high-touch to make it work as is, in the cluster right now. It would have to use type nodeport networking, and we would need to expose some additional ports	21:38
lazyPower	Budgie^Smore - cc'ing you on this as well ^ if your VIP work-aroudn works, i'd like to discuss teh pattern a little more and dissect how you went about doing it. as it seems like there's a lot of useful applications for that.	21:40
cholcombe	lutostag: the last message i see in the unit logs are that it downloaded and verified my charm	21:46
lutostag	cholcombe: yeah, I can't see anything popping out at me, nothing helpful in "juju debug-log" ?	21:48
cholcombe	lutostag: no just messages about leadership renewal	21:48
lutostag	cholcombe: hmm, looks like maybe you are stuck in the exec-start.sh. You could try rebooting one of those containers	22:03
lutostag	fighting another juju/lxd issue here myself, and a bit out of my depth, wish I could be more helpful	22:04
bdx	lazyPower: ok, that would make sense, awesome	22:07
lazyPower	bdx - however as it stands, this doesn't work in an obvious fashion right away. not sure when i'll have time to get to those chart edits	22:10
cholcombe	lutostag: no worries	22:11
bdx	lazyPower: what are my options here? am I SOL?	22:13
bdx	until you have time to dive in	22:14
lazyPower	bdx not at all, you can pull down those helm charts and change the controller to be type: hostnetwork or type: nodeport	22:14
bdx	oooh	22:14
lazyPower	then just reschedule the controller	22:14
lazyPower	helm apply mything.yml	22:14
lazyPower	its devops baby	22:14
lazyPower	we have the technology :D	22:14
bdx	nice	22:14
bdx	I'll head down that path and see what gives	22:14
bdx	lazyPower: as always, thanks	22:14
lazyPower	bdx - c'mon man :) We're family by now	22:15
bdx	:)	22:16
=== perrito667 is now known as perrito666
=== mup_ is now known as mup
=== SaMnCo_ is now known as SaMnCo
=== psivaa_ is now known as psivaa
=== bryan_att_ is now known as bryan_att
=== rmcadams_ is now known as rmcadams
=== med_ is now known as Guest3904
* Budgie^Smore (stormmore) had to come home since his glasses broke :-/		22:49
lazyPower	Budgie^Smore - i've been there, done that. literally this last week	22:51
andrew-ii	On one of my machines, LXD containers do not seem to deploy. No obvious error, machine (i.e. 0/lxd/0) just never leaves the Pending status, and the agent is stuck on "allocating". Am I missing something obvious?	23:00
andrew-ii	Oh, and occasionally another machine doesn't deploy containers as well. Is there a point where something can cause LXD container deployments to fail without error/retry?	23:06
Budgie^Smore	lazyPower ouch! just sucks just how short sighted I am :-/	23:06
lazyPower	andrew-ii - which version of juju?	23:11
andrew-ii	2.0.2	23:12
andrew-ii	Running on MAAS 2.1.3	23:13
andrew-ii	Machine seems to be connected and healthy, and an app will deploy, just not to a container	23:14
andrew-ii	cat /var/log/lxd/lxd.log is just like my other machines, except it doesn't have the "alias=xenial ....", "ephemeral=false...", or "action=start ...." lines	23:18
=== menn0-busy is now known as menn0
Budgie^Smore	to make matters worse, I have 4k displays	23:33
lazyPower	Budgie^Smore - so i just confirmed the reigstry action's tls certs work as expected, no sure if you were still on that blocker	23:47
lazyPower	but i can help you decompose a workload using this as a template to reproduce for additional tls terminated apps	23:47
lazyPower	i deployed one using letsencrypt certs and it seems to have gone without an issue	23:47
Budgie^Smore	yeah that is a blocker still, got side tracked with another blocker anyway and looking at intergrating with the ELB for now	23:51
Budgie^Smore	with the let's encrypt method are you manually uploading the key and cert to the k8s secrets vault?	23:52
Budgie^Smore	I am also trying to build a cluster in a box so I can test scenarios better than right now	23:55
lazyPower	yeah	23:57
lazyPower	Budgie^Smore - its encapsulated in the action, its taking teh base64 encoded certs and stuffing them in the secret template and enlisting it	23:57
Budgie^Smore	hmmm so if I go to the dashboard and look at the secrets should I see the base64 or the ascii?	23:59
lazyPower	base64	23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!