/srv/irclogs.ubuntu.com/2017/02/22/#juju.txt

=== thumper-dogwalk is now known as thumper
arosalescory_fu: kwmonroe: http://i.imgur.com/QMMtsAt.gif    :-)00:17
lutostagdoes juju support running against a snapped lxd? I get 'ERROR can't connect to the local LXD server: LXD socket not found; is LXD installed & running?' any way to fix01:39
anastasiamaclutostag: wallyworld had some issues running with snapped lxd :) he may b the best person to help \o/01:40
stokachulutostag, export LXD_DIR=/var/snap/lxd/common/lxd01:41
stokachulutostag, see this https://github.com/conjure-up/conjure-up/blob/master/snap/wrappers/juju01:41
lutostagstokachu: my man!!! ty01:41
stokachunp01:42
stokachulutostag, you can't have both deb and snap lxd installed though as they conflict on port 844301:42
stokachuand thats hardcoded in juju01:42
lutostagyeah, I have been fighting a bug with juju2.1rc with bootstrapping, seeing if blowing away lxd will fix (and a time to try lxd snapped on my main machine)01:43
stokachulutostag, i know lxd 2.8 which is in snap stable works fine01:43
stokachuanything newer though is broken01:43
lutostagstokachu: thanks01:46
lutostagaxw: fiddlesticks, still can't bootstrap against a wiped lxd01:46
axwlutostag: I have no idea what's going on :/  do you have a firewall on your host perchance? ufw enabled?04:20
axwlutostag: can you try starting a lxd container by hand, and connecting to 10.232.128.1:8443 with telnet or whatever?04:21
axwlutostag: the only other thing I can think of that might be useful is the output of: lxc network show lxdbr004:27
=== frankban|afk is now known as frankban
kjackalGood morning Juju world!08:43
eeemilHow does Juju decide which subnet to use within a specific space? I'm deploying to MaaS where each machine has 2 NIC:s, one NIC is exposed to Internet and one NIC is for internal communication. I want to deploy openstack-base. If I have 2 separate spaces (one external, one internal), Juju seems to become confused. If I have 1 space with both external and internal subnet, I can't communicate with some units as09:46
eeemil they get internal IP:s listed as public...09:46
=== frankban is now known as frankban|afk
=== lukasa_ is now known as lukasa
cnfhi, how do i get juju to use a socks5 proxy for connections?13:10
cnfor even better a pac file13:10
stubcnf: I don't think you can. https://jujucharms.com/docs/devel/models-config has details of the various environment configuration options, but no mention of socks5.13:34
cnfstub: that's remote proxies, from what I get13:36
cnfi need it locally13:36
cnfjuju can't talk to the cloud API directly13:37
bdxstub: I'm experiencing some odd behavior when requesting the same database from multiple applications, e.g. one application seems to have higher privs then the other13:37
bdxstub: is there anything that would cause the privs for a subsequent user to be less than the user that requested the database initially13:39
cnfhmm13:40
cnfi think setting http_proxy works13:40
cnfbut then i get13:41
cnfERROR invalid URL "http://cloud-images.ubuntu.com/releases/streams/v1/index.sjson" not found13:41
bdxstub: for example, after each app requests access to the database, one of the apps can communicate with postgres just fine, see http://paste.ubuntu.com/24046542/13:43
cnfhmm, can I pre-download whatever image it wants from http://cloud-images.ubuntu.com/releases/streams/v1/index.sjson ?13:44
cnfbecause i need to go through a proxy to get to my controller, but not to get the image13:44
bdxthe other application just barfs on `rails c`, due to postgres acccss http://paste.ubuntu.com/24046554/13:45
bdxstub: I see that postgres has created the correct entries in pg_hba.conf http://paste.ubuntu.com/24046557/13:46
cnfhmz "getting started" with juju is turning out to be quite a rabbit hole :/13:48
bdxand that the database has the correct acceess for each user created http://paste.ubuntu.com/24046568/13:49
bdxstub: what is odd, and I'm just noticing this, is that there is a database created for each user as well as a database created with the dbname that I request in each of my charms13:50
bdxshould the postgres charm create a db named that of each user?13:51
bdxalongside the one you request?13:51
cnfugh, so i guess i can't use the vsphere provider13:53
bdxthis was working for me some time ago, not sure if recent changes may have impact on what I'm seeing here or what the deal is13:53
cnfthat leaves me with nothing to try it out13:53
bdxI had changed some perms around prior to getting that paste of the \l13:57
cnfany suggestions?13:57
iceyI was trying to test some new logic with an upgrade charm and can't eploy local changes: https://bugs.launchpad.net/juju/+bug/166690413:58
mupBug #1666904: upgrade-charm --switch doesn't work with local charms <juju:New> <https://launchpad.net/bugs/1666904>13:58
cnfwhere does juju store local config, btw?14:00
jrwren$HOME/.local/share/juju14:02
cnfthanks jrwren14:02
cnfnow to find a provider i can actually use14:03
cnfhmz14:25
cnfwhy would I get ERROR failed to bootstrap model: cannot start bootstrap instance: cannot run instances: cannot run instance: No available machine matches constraints: mem=3584.0 zone=default14:39
cnf ?14:39
cnfhmz, I can't get any of the providers working14:40
cnfwow, maas is horrible14:44
cnfright, 3 hours "getting started with juju", and I got nothing working14:46
cnfi'm done for the day14:47
cnfcan't get any provider working14:48
=== frankban|afk is now known as frankban
jrwrencory_fu: I have a couple of MP for charm-haproxy. Please take a look?15:23
lazyPowercnf - are you really done for the day? if not I can lend a hand in getting you unblocked15:34
kjackalkwmonroe: I am merging the jenkins jobs backup and restore!15:50
cnflazyPower: i'm mostly frustrated atm :P15:51
cnfgot about an hour before end of day15:51
kwmonroeack kjackal - thanks!15:55
kwmonroecnf: just catching up on backscroll.. if you're still hitting the bootstrap error mentinoed above, the default bootstrap requires 3.5G of ram.  you can override that with "juju bootstrap --bootstrap-constraints mem=2G", for example.16:00
cnfyeah, that's not going to help. that was me misunderstanding maas16:00
kwmonroegotcha16:01
cnfI just want to learn how juju works, but it seems to want cloud stuff I don't have available16:01
cnfand I can't get the vsphere one working16:01
kwmonroecnf: sorry this isn't going smoothly!  i don't have vsphere/juju experience, but i can point you to free aws creds:  http://developer.juju.solutions/.  i know you're about to EOD, but perhaps it's worth signing up there so you can check out juju/aws.16:03
cnfi'll look at that for learning16:03
cnfbut i'm mostly interested in juju for setting up openstack16:04
cnfif i am understanding things correctly, maas is pretty much the only way16:04
cnfbut thanks for that link16:04
kwmonroenp16:05
kwmonroeadmcleod: you still around?  what's the best guide for juju/maas/openstack these days?  is it the openstack-base readme (https://jujucharms.com/openstack-base/)?16:06
lazyPowercnf - MAAS on vsphere would be your best bet yeah.16:07
lazyPowerwe have quite a bit of testing around that in our OIL lab16:07
cnfadd vm's to a maas controller?16:07
cnffor testing that could work, I guess16:08
lazyPowercnf - yep, thats how we do it. You can also skip MAAS and use the vsphere direct https://jujucharms.com/docs/stable/help-vmware16:08
lazyPowerso you have 2 options there16:08
cnflazyPower: yeah, I could not get that working16:08
lazyPowerok so the vsphere provider is what was giving you heartburn attempting to bootstrap?16:08
cnfi need to go through a proxy to get to the vsphere api16:08
cnfand then it can't get the ubuntu img list, iirc16:09
lazyPowercan you do me a favor, just so i can get a bug filed if there's a bug in there - juju bootstrap --debug    2>&1  | tee bootstrap.log and pastebin that log?16:09
lazyPowerooooohhh ok16:09
lazyPowerso its a localized setup, that has some restrictions our bootstrap process assumes are not there16:09
cnfERROR invalid URL "http://cloud-images.ubuntu.com/releases/streams/v1/index.sjson" not found16:09
cnfit is16:10
lazyPoweryou can set a proxy for the bootstrap process to use, however i do beleive it works as follows: its going to fetch the cloud image to your workstation, and then push that to the bootstrap node (the docs state this) and that might also be troublesome16:10
cnfyeah, i can't get the image through the proxy16:10
cnfbut i need the proxy to get to the vsphere16:10
cnfand it doesn't support my pac file, I think16:10
cnfand i could not figure out how to download the image manually16:11
cnfthat's where I got stuck16:11
lazyPowercnf - ok, can i get you to file a bug against our docs for this? I'd like to see if we can get you a working path to resolution. The alternative would be to install maas, and then pre-load maas with both images and vm's16:12
lazyPowerbut thats a load of extra setup steps you can forego16:12
cnfyeah16:12
lazyPowereg: why am i setting up pxe to juju some vms?16:12
cnfindeed16:13
lazyPoweri feel ya, let me get you a bug link16:13
cnfthe end goal is to evaluate juju as a mechanism for running openstack in production16:13
cnfbut i'm not there yet16:13
lazyPowercnf https://github.com/juju/docs/issues/new -- can you file a bug here, describing the limitations of your setup wrt the vsphere / network limitations?16:13
cnfi16:14
lazyPowerwe can see about getting some updated docs cut around those limitations and also ping the right people to weigh in on what you would need to request from your IT staff (if applicable) for allowed proxy domains.16:14
cnfhmm, not sure how to word this16:14
cnf(end of day, i'm tired and hungry, i'm afraid)16:14
lazyPowercnf - however i do believe its just the cloud image archive and the jujucharms.com api is all thats expected.   Charms on the other hand will want hte cloudarchive bits.16:14
cnflazyPower: are you one of the devs? should I mention you in the ticket?16:19
lazyPowercnf - I work on the charm ecosystem, but you bet feel free to ping me direct. i'm @chuckbutler on github16:20
cnfhttps://github.com/juju/docs/issues/167616:21
cnfI hope that's a bit clear16:21
lazyPowercnf - thanks, acknowledged receipt16:24
lazyPoweri'll shop this with some of the core devs when they come online and see if we cant get you unblocked16:24
cnfcool, thanks16:24
cnflazyPower: from what I understand, the --config sets the proxy on the remote side16:31
cnfexport http_proxy=http://ip:port/ works though16:32
cnfexcept i can't download the image through the proxy16:32
lazyPowerok so confirmed its during the client side image fetch to load the cloud image.16:33
cnfie "The HTTP proxy value to configure on instances, in the HTTP_PROXY environment variable"16:33
cnffor http-proxy16:34
lazyPowerright, the bootstrap controller is going to want proxy access as well to reach the charmstore. I'm looking now for osx proxy settings you can set on the CLI to bypass thsi16:34
lazyPoweri read that you have browser proxy working, i do beleive there's a way to proxy cli tooling too, i think its with networksetup but its been quite a while since i've done that16:34
cnfwell, i have a pac file16:35
cnfthat sets proxy servers differently according to the url16:35
lazyPowernetworksetup -setautoproxyurl "wi-fi" "http://somedomain.com/proxy.pac"16:35
cnfyeah, cli tools don't respect that16:35
cnfthey use the http_proxy env var16:35
ZiclazyPower: hi! I just saw Kubernetes 1.5.3 was out since 15th, is it already available through Juju ?16:36
cnf(just like on linux)16:36
=== redir_holiday is now known as redir
lazyPowerZic - we are a bit behind with 1.6 code freeze. I can kick off a build and run e2e on that today if you want the 1.5.3 bump16:36
lazyPoweri suspect we can get you an edge by EOD, probably closer to beta/stable by end of week16:36
lazyPowerZic - however, this depends on clean e2e results :)16:36
lazyPowercnf - ok, and i guess the PAC file changes from time to time so its not really convenient to use the HTTP_PROXY url with a manual config?16:37
cnflazyPower: my main problem is that the vsphere api is behind a proxy, the REST of the internet is NOT16:37
Zicwas just to know :) if you have any "edge" channel that I can test on preprod I can give you some review with my usage :)16:37
lazyPowercnf  sorry for basic questions, just trying to wrap my head around the domain here.16:37
lazyPowerZic - ok, lets shoot for later this week then my plate is full today.16:38
cnfthe pac file is always the same here, just ubuntu.com needs a DIRECT connection, and vsphere needs to go through a proxy16:38
lazyPowerZic  i'll try to get you an edge build by tomorrow, if all else fails, friday16:38
Zicnp :)16:38
cnflazyPower: and i can't have both in the shell16:38
cnfand i can't split the commands, i think16:38
lazyPowercnf thats unfortunate. I dont have a direct answer right now, let me think on this and see if we cant resolve this with some clever cli fu16:39
lazyPoweror maybe less-than-clever cli fu16:39
cnf:P16:39
lazyPoweri'll keep up in the bug sinc eyou're close to EOD16:39
cnflazyPower: the only thing i can think of is download the image manually16:39
cnfand put it somewhere juju can find it16:39
lazyPowerdoes that work for you?16:39
cnfsure16:39
lazyPowerfantastic. Thanks for being patient cnf, i'll try to run down some answers regarding manual image upload and instructing juju what to do with that image16:40
lazyPowerkwmonroe nice drive by on that bug16:41
cnfi responded to that kwmonroe16:42
cnfto add context from here to the bug16:42
lazyPowerrick_h - when you have a sec to glance at https://github.com/juju/docs/issues/1676 it would be good to gather info on if we have encountered split proxy clouds before, and if there's a known path to success here.16:42
cnfkwmonroe: i just noticed the no_proxy as an env var16:44
cnfkwmonroe: setting that to ubuntu.com gets me to16:45
cnfERROR failed to bootstrap model: cannot package bootstrap agent binary: no prepackaged agent available and no jujud binary can be found16:45
admcleodkwmonroe: im here, yeah - depends, what do you want to do with it?16:45
lazyPowerkwmonroe - do we know if the 2.0.3 release was pre no-more --upload-tools?16:46
admcleodkwmonroe: oh. i see16:46
kwmonroeoof cnf, i haven't seen that error before.  lazyPower, i dunno the state of --upload-tools in 2.0.3.16:47
cnfhmm16:47
admcleodthere is also the option of doing openstack-on-lxd on a laptop,etc16:47
lazyPoweri beleive that went away in teh 2.0 release chain but i forget when16:47
cnfno lxd on my laptop16:47
lazyPowerit adopted new behavior where it "just does the right thing" during the bootstrap process.16:48
cnfoh, on that16:48
cnfmight want to hide the lxd options on the osx build16:48
cnfdoesn't work, anyway :P16:48
kwmonroethx admcleod - cnf was working on an openstack/juju happy-fun-time, so wanted to point him at the most recent docs.  atm, we're working through bootstrapping vsphere with proxies, so we'll need to get that sorted before diving into the 'stack.16:49
lazyPowercnf - there's been work in progress to command lxd providers on remote units.16:49
admcleodkwmonroe: yep read some of the scroll16:49
cnflazyPower: that would be awesome16:49
lazyPowercnf  - so you can point it at a vm and suddenly you have a developer cloud on your laptop :)16:49
lazyPowerspiffy right?16:49
cnfyep16:49
cnfi do that with docker things, atm16:50
lazyPowerprior to that work it was a nasty hack with socat and some tls cert syncs and other fun time stuff16:50
cnfuhu16:51
cnfhow do you communicate with it?16:51
cnfa socket file?16:51
lazyPowerlxd is a restful api16:51
cnf(recent versions of ssh support forwarding socket files)16:51
cnfi saw lxd intro at fosdem a few years ago16:53
cnfhmm16:56
cnflazyPower: well, lxc (as the command) is in homebrew16:57
cnf(also, juju doesn't like socks5:// as proxy protocol16:57
cnfmaybe i should file a bug against that as well16:57
cnfok, as they say, badly translated from dutch, my pipe is out17:01
cnfi'm going home :P17:01
cnf\o17:01
lazyPowercheers cnf17:01
cnfthanks for the help17:01
stormmoreo/ Juju world!17:18
=== scuttle|afk is now known as scuttlemonkey
stormmorelazyPower, you awake today? ;-) Just noticed my first "issue" with my k8s cluster. kube-dns seems to be in CLBO but the only error I see is https://gist.github.com/cm-graham/bc9ff905ca63b06c393c08e0f33a8e3317:23
lazyPowerstormmore - thats a new one. can you file a bug for this? it looks like kubedns might be failing health checks17:24
lazyPowerstormmore - one thing we did notice, is that if you hvae a busy cluster you  might be filling the max_con_table17:24
stormmoreit is failing health checks, it is how I found it17:24
lazyPowerstormmore - https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/21617:24
lazyPowerrelated bug17:24
stormmoreyeah this is not a busy cluster (yet!) only running k8s services and 3 in house ones right now17:26
lazyPowerok, that doesn't sound like it woudl be the culprit17:26
lazyPowerCynerva ryebot - can we add a todo to add an action for re-scheduling the addons? Seems like this clears up a lot of the funky issues we've found with addons17:26
lazyPowerstormmore - one thing to try is scale the replicas to 0, then re-scale to n17:27
stormmorebeing the self-hater that I am, I suspect something stupid I did ;-)17:27
lazyPowerstormmore - getting the pods rescheduled seems to unstick whatever the root cause is there17:27
ryebotlazyPower: sure thing17:27
lazyPowerryebot - ty, in the process of fighting with merge bots :|17:28
ryebotnp, good luck!17:28
stormmoreOK lazyPower that seems to have brought it back to a healthy state for now ;-)17:36
lazyPowerstormmore - ok, let me know if it continues to give you issues, this bit Zic before as well17:36
lazyPowerif we can identify a root cause for why kubedns is messing its own bed, it would be good to capture that and get a patch submitted upstream17:37
lazyPowerbut i also know its abysmal at giving output as to why its having trouble17:37
lazyPower:|17:37
stormmorelazyPower, yeah I remember seeing that :-/17:37
stormmorestill more useful than that 404 I am getting from the internal dev's container! :)17:38
lazyPowerstormmore - welp. :)17:46
lazyPoweri can only solve so much with magic and khai17:46
stormmorelazyPower, I know this thankfully :) the devs I am working with are a little green (read a lot!) in containers17:51
stormmorewow I am really laggy today... going up to 13secs to here :-/17:57
ZiclazyPower / stormmore : yep, I had this one, have you try to lurk at the logs directly through the docker container? because I didn't have any useful logs through "kubectl logs"18:09
Zicstormmore: in my case, it was the max conn for dnsmask which was reached18:09
ZicI just scaled kube-dns and then deleted the kube-dns pods18:09
Zic(it respawned to respect the scale deployment)18:09
lazyPowerZic - i dont know if thats tuneable, but we should probably investigate making that tuneable via configmaps18:10
Zicyeah, it seems to be tuneable... at least the maxconn is in the starting process line of dnsmask container18:10
stormmoreZic, I am no where near hitting a conntrack limit with the little number of containers I am running right now18:10
=== frankban is now known as frankban|afk
Zicstormmore: I'm running ~120 containers but only 4 was responsible of the maxconn of dnsmask18:11
Zicbecause they were too heavily request resolving18:11
stormmorelazyPower, isn't a tunable option on the hosts /proc?18:11
Zic(was Cassandra pods...)18:11
stormmoreI am only running about a dozen right now18:11
Zicstormmore: but all that said, it's not a conntrack limit on my case, just a software configuration-max in dnsmask container of kube-dns pod18:12
stormmoreah :)18:12
stormmoremy team haven't realized just what we can do with kube-dns yet18:13
Zicif you want to verify this issue, just run a `docker logs` at dnsmask container (it's bad, you should prefer kubectl logs but in that case, I didn't find these logs anywhere else except directly with docker command)18:13
stormmorenot inclined to let them in on that yet, too many other things need my attention18:13
Zicif you have something like "dnsmask : Max request reaching (150)" (from  what I remember), try to scale kube-dns18:14
lazyPoweri'm going to interject that it gives me an extreme happy face to see you two self helping and talking through these issues here...18:14
Zic:D18:14
ZicI personally scaled kube-dns to the number of nodes I have18:15
Zic(one kube-dns per nodes so)18:15
lazyPowerZic - there is a horizontal autoscaler addon for this case...18:15
lazyPoweri wonder if thats something worth investigating as its jsut another manifest18:15
Zicyes, I know you can automatize that :)18:15
Zicbut as my nodes will not expand daily...18:16
Zicand as you told me you will take a look for this autoscaler in CDK :D18:16
* Zic runs18:16
lazyPowerhaha18:16
lazyPoweroh sure, put the flaming bag on MY doorstep, thanks Zic  ;)18:16
shewless_Hi. I'm trying to bootstrap my juju 2.0.3 with a private openstack environment. I'm making good progress (instance created, etc) but it seems to "hang" on Installing curl, cpu-checker, bridge-utils, cloud-utils, tmux18:19
shewless_any ideas?18:19
lazyPowershewless_ - any proxy requirements in your env?18:19
shewless_Here is my bootstrap line: juju bootstrap --metadata-source /home/test/simplestreams --config network=9a7d0138-ecf6-4c16-a894-e033e5be9631 --config use-floating-ip=true myclouder openstack18:19
shewless_lazyPower: no I expect the floating ip will work18:20
shewless_..and from within the instance there isn't a proxy18:20
lazyPowershewless_ - can you capture the same command but add --debug and pastebin the logs? i imagine we can get some output as to why its hanging there.18:20
shewless_beauty.. I will do that18:20
cory_fujrwren: Sorry for the delay.  Comments added to the two MRs18:20
shewless_also: I can't seem to ssh into the instance (public key). what's the default username created?18:21
jrwrencory_fu: thanks!18:21
lazyPowershewless_ - there are key credentials in $HOME/.local/share/juju/ssh   so you should be able to ssh -i $HOME/.local/share/juju/ssh/id_rsa ubuntu@$IP18:21
jrwrencory_fu: great catch on the lint. I'm sorry I didn't catch that myself.18:22
ZiclazyPower: just a question without -> do upgrade-charm is required/advised as pure-incremental? or can I "jump" an upgrade (imagine 1.5.1 -> 1.5.3 for CDK)?18:23
shewless_lazyPower: thanks. I can see that resolv.conf doesn't have the nameservers I want in it. Is there an option for me to tell juju which nameservers to use?18:24
Zics/without//18:24
Zic(or s/without/without real intention to do it/ if I remember what my fingers wanted to type :p)18:25
shewless_lazyPower: trying to set the nameserver on my pre-created network to see if that helps18:27
shewless_lazyPower: much better with a good DNS server! thanks for the help18:30
lazyPowerZic - at present we dont have any dependent chains of charms so you should be g2g18:51
lazyPowerZic - if thats not the case we'll certainly signal you before the 1.6 upgrade steps are published to help vet in your staging env18:52
lazyPowershewless_ - awesome glad we got you unblocked :) sorry i stepped out for lunch in the middle of all that18:52
Zicok :)18:52
lazyPowerso close for your multi-master branch -https://github.com/kubernetes/kubernetes/pull/4191018:53
lazyPoweronce that lands and fixes the queue we should be unblocked to land the multi-master patch and you can scale your control plane. couple that with an haproxy rewrite of the apilb and you should be in HA nirvana18:53
* lazyPower isn't ambitious or anything18:53
Zicoh yeah18:54
Zicwith the new kube-api-loadbalancer charm, do you have plan for scaling it?18:54
Ziclike 2 apilb and a VIP?18:54
lazyPowerwell we can give you the 2 apilb18:54
lazyPowerthe impl of VIP would be up to your model environment18:55
lazyPoweryou can ELB, you can floating ip, you can round robin dns18:55
lazyPoweror as you said, VIP18:55
lazyPowerhowever if you want to ELB you can probably just negate the apilb and go direct to ELB, and use that in place. but i dont have confirmation on any of that yet as its still WIP :)  but yes, i dont want to reintroduce a SPF to solve HA18:55
ZicI can maybe implement an Heartbeat VIP directly on the VM which host the kube-api-loadbalancer18:55
ZicI think there is no overlap with Juju deployed files18:56
ZiclazyPower: this part (master & kube-api-loadbalancer) of the cluster is not hosted @aws18:57
ZiclazyPower: I can share you something in private :)18:57
stormmorelazyPower, well it is back :-/ going to go look at the docker logs in a little bit18:59
shewless_lazyPower: Now I'm trying to add some charms via the gui... I see an instance is created in openstack but the charm just says "pending" - hints at where the logs are?19:04
lazyPowershewless_ juju debug-log would be a good place to start19:06
lazyPowerif the instances aren't coming back you might need to remote into the controller or switch to the controller model and check the logsync19:06
shewless_lazyPower.. hmm the logs are showing things happening.. maybe I just didn't wait long enough19:09
lazyPowershewless_ - i can be a process sometimes depending :)19:09
shewless_BTW will it download images as needed or do I need to provide them like I did in order to bootstrap?19:09
lazyPowershewless_ - should download as needed, it pulls that data from simplestreams19:10
shewless_lazyPower: so I have to add the images to the simplestream then?19:10
lazyPowershewless_ - give me a moment to re-read thread. i'm in standup and want to answer this correctly19:11
stormmorelazyPower, nothing there other than the sidecar's log showing the connection refused19:13
lazyPowerstormmore - that sounds suspect and similar to Zic's issue where its a conmax on the daemon19:14
lazyPowerstormmore - if you sale kubedns to 3 replicas does it continue to be a CLBO issue?19:14
Zicto fetch the dnsmask logs, I needed to use `docker logs <container>` directly at the kubernetes-worker which host the Pod's containers, because through `kubectl logs` I have nothing interesting19:16
stormmorescaling up now to find out :)19:16
Zicdays after, I think it was because I didn't know the `kubectl logs kube-dns --container dnsmask` :p19:16
Zic+syntax19:16
stormmoreZic, yeah I did that to confirm that I was seeing the same output in the container logs in the kubernetes dashboard too19:18
stormmoreOK it is scaled and green (for now!)19:18
stormmorelazyPower, if you are correct, scale is not the issue since I basically had the default pods setup19:19
Zicstormmore: you have maybe one container/pod which "talk" a lot to kube-dns19:20
Zicin my case, it was not the number of Pods I have, this error was triggered by only 4 pods19:21
Zicwas Cassandra pods misconfigured, which try to querying kube-dns in loop19:21
stormmoreZic, nope only basic nodejs containers that are not really aware of their environment yet.19:24
stormmorelazyPower, definitely isn't working, the new pods are in a restart loop already19:24
Zicstormmore: if you tail -f /var/log/syslog at your kubernetes-master, do you have any suspect lines ?19:25
Zicas I understood, kube-dns healthz/readyness is checked through the API19:25
Zicso check if you see any denied or error GET at kubernetes-master19:26
stormmorenothing but a bunch of 200s19:37
lazyPowerhmmm... somethigns amiss if you aren't getting error output in the console and the api is giving you 200's19:38
lazyPowerstormmore - ok lets try to reduce to square 1, can you whole sale remove the kube-dns deployment and reschedule? the rendered template is in /etc/kubernetes/addons/19:38
lazyPowerstormmore - i'd like to get you to attach and tail the container logs and kubectl log output for the application pods until it reaches CLBO. we might catch something happening19:39
lazyPowerthis is where i wish i had prometheus monitoring completed, we could likely scrape the issue out of the metrics.19:40
stormmoreyeah that would be nice too :P19:40
lazyPowerfuture me will appreciate it :)19:40
lazyPowerbut present me hates that its not there19:40
stormmoreso basically you want me to detroy / recreate the kubdns deployment, right?19:42
Zic(lazyPower: CDK plans to integrate Prometheus as default? or through a third-party charm?)19:42
lazyPowerthird party charm - i'm 90% certain of that19:42
stormmoreas for the log output lazyPower, you want the container logs from all 3 containers in the pod, right?19:42
lazyPowerthere are already helm charts to deploy prometheus if you want it today, but thats not a very juju-style answer. what do you do when your k8s is sick and you want that data? :)19:42
lazyPowerstormmore - yeah, we'll need all 3 to correlate19:42
stormmoreack19:43
Zicbecause I'm scratching my head to add metrics to our Nagios/Naemon by hands... if a Promethus charm automatize this, it will helps me a lot, I confirm :p19:43
lazyPowerZic - thats the idea, you betchya19:43
Zicmy Naemon's metrics are curently just a bunch of curl to the K8s API status :/19:44
Zicfor pods, nodes, services...19:44
Zicit's kinda creep19:44
lazyPowerZic - in the interrim there's always BEATS19:44
lazyPowerand with metricbeat you can create custom metrics fairly easily19:44
lazyPowerwhich could in turn handle that and stuff it in ES to be graphed with kibana19:44
ZicBeats just sond like horrible earpods in my head19:45
Zicdo I miss something? :D19:45
lazyPowerelastic released golang based agent's to ship arbitrary metrics19:45
Zics/sond/sounds*19:45
lazyPowerZic https://insights.ubuntu.com/2016/09/22/monitoring-big-software-stacks-with-the-elastic-stack/19:45
Zic"elastic stack" sounds as ELK now, ARGH! :p19:46
lazyPowerits the successor to ELK19:46
Zicoh nice19:48
Zicbecause my current Naemon checks looks like (ugly) this: `curl -sk https://<kubeapi-load-balancer/api/v1/pods | grep phase` for Pods status for example19:49
ZicI'm trying to avoid grep and use "jq" instead, as it stdout is JSON19:49
lazyPoweryeah, metricbeat can just poll that whole json feed, and stuff it in ES19:49
lazyPoweryou can then subquery in teh dashboard to make nice timeseries charts out of it.19:50
lazyPoweror do additional parsing in logstash, whatever your business logic is19:50
lazyPowerthe idea is to be flexible and give you a swiss army knife to make meaningful reports based on whats important to you as an operator / analyst19:50
lazyPowerthats why i fell in love with beats, you dont have to code your app to integrate with it like you do with prometheus19:50
stormmorewell it is re-provisioned and running green for now, going to make a cup of tea and see if it can last at least that long19:51
Zicmy main concern is for alerting (we have TVs which displayed the current status of all our platforms at office) and mail-alerting/SMS for our on-call rotation19:51
lazyPowerstormmore - ok, thanks for doing the debug work, i'm concerned that theres a hidden dragon in here we've not encountered so therefore we aren't accounting for.19:51
lazyPoweryou're the second user thats reported kubedns failures in < 1 month. its likely that release of the addon might just be hinky19:52
Zicall these are linked to Naemon for now19:52
Zicbut as we're testing Prometheus of others platform, it will be nice to have it for CDK also :D19:52
Zics/of/for/19:52
lazyPowerZic - its future work but on the roadmap :) again, i'll ping ya when somethings brewing there19:52
lazyPowerhappy to help you clean up addon services to replace with charms, because thats how we roll19:53
stormmorenot a problem, least I can do :)19:55
stormmorealthough the bad good news might be that the rescheduled deployment might have solved the problem19:57
Zicin any case, even if I don't have anymore CLBO or dnsmask maxconn reached on kube-dns, it continues to restart sometime, but as I scaled them, at least they are not restarting at the same time, so no unavailability : http://paste.ubuntu.com/24048434/19:57
Ziclook at restarts column19:57
Zicas lazyPower said, this kube-dns release seems to not be so stable :/19:57
stormmoreso far I am not seeing any connection refused errors in the sidecar container which was what I was setting before19:58
lazyPowerstormmore - might be a sync issue :|19:59
lazyPoweri'm not impressed with this release of kubedns. when we circle back to the 1.5.3 release we'll grab the latest manifests for that rel and see if we can get this resolved via addon bumps19:59
lazyPowerbut i'm not hopeful19:59
Zicit's not blocking as I have like stormmore a hard CLBO before, now it's scaled, I just have some "instant-restart", and not all at the same time20:01
Zicbut it's weird :/20:01
stormmoredoes make me question the decision to use kubernetes / docker vs some lxd type environment right now20:02
stormmoredns seems critical enough to me that it needs to be stable20:02
lazyPoweri'm sure if we gather enough info and bug it, that it'll get fixed20:03
lazyPowerwe just need to find that root cause and get it contributed20:03
lazyPowerif its biting us, its biting other users20:03
lazyPowerand i'd rather not throw the baby out with the bath water :) but on that note stormmore - i'm more than happy to support you in a move to lxd as well. because LXD is the bees knees20:03
stormmoreoh agreed, questioning isn't going to keep me from figuring it out20:03
stormmorelazyPower, I just need to do my research on Docker to LXD20:04
Zicwe're not planning to use Kubernetes and LXD at the same place here, we're using Kubernetes as PaaS (= our customer managed which pods are running, we are managing the deployment and the availability of the cluster) ; for full-managed infrastructure, we're curently using VMware ESXi or Proxmox, and LXD will be part of this list20:05
stormmorelazyPower, from the little research I have done, outside of maybe Juju, LXD management / orchestration isnt as mature as k8s20:05
ZicTL;DR: Kubernetes as Docker's orchestrator / LXD as hypervisor, even if LXD use LXC-component of containers, it's more like VMs20:07
Zicthe only things that have a "versus" to Kubernetes is Swarm or Rancher, with less features20:08
Zic(we have some Rancher here, and our PoC of Swarm was not satisfying)20:08
stormmoreoh I definitely get that by management, I mean things like the kubenetes dashboard level maturity20:09
lazyPowerehhhhhh20:09
lazyPowernot so sure i agree with that sentiment, but i'm clearly biased20:09
lazyPowerso i'll let you come up with your own conclusions, however lxd has been in prod here at canonical since release, and before that with lxc.  flockport even wrote an entire hosting company based on lxc20:10
stormmorelazyPower, don't get me wrong the juju gui is one of the nicest guis I have seen but it doesn't have the level of data that the kubernetes one does20:10
lazyPowerwell sure, those are wildly different use cases20:11
lazyPowerthe juju gui is only intended to be used for modeling your applications and then routine tasks. There hvae been many requests to integrate things like ssh in the browser, log aggregation, etc.20:12
lazyPoweri dont think we've had the manpower to promote that in priority however, as other things like model migrations and what not have taken precedence.20:12
ZicI didn't touch the Juju webUI since I finished the deployment personally, I'm doing all post-stuff with the juju-cli only20:12
lazyPowerwhich are arguably larger / important features for the core of juju to have.20:12
lazyPoweryeah20:12
lazyPowerwe find that most operators tend to do that20:12
Zicand it was for our baremetal/manual installation20:13
lazyPowermyself included, i look at the juju ui during testing only or when i'm mocking something up quick to share.20:13
Zicfor labs, with conjure-up, I didn't use Juju WebUI at all20:13
lazyPowerbut that being said20:13
lazyPowercomparing apples/oranges here :)20:13
lazyPoweri found this though20:13
lazyPowerhttps://github.com/aarnaud/lxd-webui20:14
lazyPoweri haven't used it, and it looks a bit long in the tooth- 9 months since last contri - however... looks neato20:14
stormmorenot faulting juju at all, just s saying from a cluster management perspective the kubernetes dashboard is awesome20:14
lazyPowerstormmore - well its a good thing we grabbed it for part of the CDK :D I'm happy i could deliver on that one20:14
lazyPowerstormmore - still no issues with kube-dns?20:15
Zichere it's that way: LXD is used as an hypervisor (and have a take on Proxmox, VMware ESXi, KVM) even if it use LXC-container-echnologies-inside ; Juju is used as a tool to deployed and managed highly-complicated platform like K8s or OpenStack ; Kubernetes is used for a customer which come with "I have 100 docker running at a raw-dockerd, do you have something to orchestrate them and pass to production?" :)20:15
lazyPowerif its running idle as it should right now, i fear we're running into a race condition with the pods or a sync issue or something similar. Just keep that pipeline open and if you catch something dump the logs and lets bundle up for an issue, even if its inconclusive results.20:15
stormmorelazyPower, Zic I use the command line more often than not for things but it is always nice to have readily available "pretty pictures" to show people20:16
stormmoreand lazyPower still green20:16
lazyPowerok, sounds good. Thanks again, i'm going to context switch back into the etcd bits and focus on landing this multi-master PR20:17
lazyPowerping me if you need anything. otherwise i'm resuming silent operation20:17
stormmoreyeah I am going to go back to determine my permissions issue solution20:17
ZiclazyPower: the good thing I note for later is that you're at the middle of your office-day when I'm on-call rotation :p20:19
Zic(it's 21:19 here o/)20:19
Zicand I'm on-call this week :p20:19
stormmoreI can happily say I am not on call at the moment :)20:23
Zic:D20:25
stormmoreoh that just means I have more time to architect and design environments for now20:43
cory_fujrwren: http://pastebin.ubuntu.com/24048767/ on the test now20:55
cory_fujrwren: And on the other MR: http://pastebin.ubuntu.com/24048870/21:13
kwmonroepetevg: i need your unit test guru status.  i wanna unit test actions.  my actions have hyphens in the name "do-stuff" wihtout a .py extension.  that makes imports hard.  my workaround is to have "do-stuff" import ./stuff.py, and call "stuff.action()".  then i just unit test stuff.py.  any better way?21:45
petevgkwmonroe: Your way sounds pretty good. Not naming a python script "blah.py" is kind of an anti pattern, so the workaround isn't necessarily going to be pretty.21:47
petevgkwmonroe: you could also copy the file to a temp dir, with a ".py" extension, and import it from there.21:48
petevgkwmonroe: ... or you could try to hack on Python's import command, to make it work wit a non .py file. Shouldn't be too scary, but I don't know what you'd do off the top of my head.21:48
kwmonroeomg petevg, i don't know why i talk to you.  you went from "sounds pretty good" to "this is gonna hurt" in like 2 messages.21:49
petevgJust trying to be helpful :-)21:49
kwmonroewell i'm all for anti anti-patterns, but i don't belive actions can have a suffix, which makes this particularly annoying21:50
lazyPowerlib + wrapper, or action == executor action.py == library21:51
kwmonroei do appreciate the alternatives petevg!  just giving you grief.  also, it's 85F here in texas, i'm coding by the pool.  how's shoveling your driveway going?21:51
lazyPoweri dont know what that would do tho, if you use foo executor and foo.py... if it would give you grief during import21:51
petevgkwmonroe: The snow is actually basically melting, because it's kind of the same thing as being 85F here, relatively speaking :-p21:53
kwmonroewait lazyPower, i don't follow your == suggestions.  are you suggesting symlink the action to action.py?21:53
petevgOoh. A temp symlink > temp file.21:53
lazyPowersymlinks would work21:54
lazyPowerslightly opaque, but doable21:54
kwmonroei know the bashism to call a method based on $0, but how do you do that in python?21:54
lazyPowersys.argv[0]21:54
kwmonroenice21:55
kwmonroenm, i hate that for the same reason i hate trying to follow old charms with links to hooks.py.21:58
kwmonroei'll just shell out to "java -jar myaction.jar <func>" like matt taught me.22:00
SivaI  want to know number of units of a charm deployed in the charm code22:00
=== Siva is now known as Guest1503
Guest1503How can I find that?22:00
petevgkwmonroe: it looks like there's a way to do it, no hacking needed, with the "imp" module. Or so says Stack Overflow: http://stackoverflow.com/questions/2601047/import-a-python-module-without-the-py-extension22:01
Guest1503I want to find out the ipaddress of all the peer units deployed. How can I find that from within the charm code?22:06
petevgGuest1503: if the peers in the charm have a relation to each other, you can query the conversations in the relation.22:07
petevgFor an example, see the interface the Zookeeper charm uses to wrangle its peers at https://github.com/juju-solutions/interface-zookeeper-quorum/blob/master/peers.py22:08
petevgGuest1503: this assumes that you're writing a layered charm using the reactive framework, and it does require writing an interface. If you have some trouble figuring out how everything works, I might be able to answer specific questions. cory_fu might be able to help you out, as well.22:09
Guest1503@petevg, I am not writing layered charms....normal charms based on the hooks22:11
petevgGuest1503: I'm afraid that you've stepped outside of my area of expertise, then :-/ Does anyone else have any advice on doing interface style stuff in an older style charm?22:13
Guest1503@petevg, in my case I want to make sure I have all the peer ip's before I do some operation. The problem is how do I find out the num_units you specify in the bundle in the charm code?22:14
cory_fuGuest1503: Either way, you will need to use a peer relation.  On the <peer-relation-name>-relation-joined hook, you should be able to use `relation-get private-address`22:14
Guest1503@cory_fu, Yes that will work.. but for me I need a way to know if all the peer relation ip's have been fetched22:15
Guest1503How do I find that out?22:15
cory_fuOr you could iterate over the peers in any hook using related-units, and call relation-get with an explicit relation-id and unit22:15
petevgGuest1503: I'd consider refactoring so that your charm can handle an additional peer joining after you've done whatever processing that you're doing. Someone can add another peer with "juju add-unit" at any time, so the code will need to handle the case where you add a peer, anyway.22:16
cory_fuWhat do you mean by "all the peers"?  Each unit will be able to see all of the peers that are connected to it, though it might take a small amount of time before a new peer is connected to all of the other units22:17
cory_fuRight, what petevg said.  You can always add more units22:17
cory_fuOr remove them22:17
Guest1503@cory_fu, say I deploy 3 units of a charm using  a bundle... so you recommend the 'for' loop for peers in a some other hook rather than <peer_relation_joined _hook?22:18
petevgGuest1503: the "best practice" pattern is "this hook/event fires off when I have a new peer on my relation, and I do the appropriate thing." There isn't really a "wait until all my peers have come up" event, because you can never be confident that the operator is done adding peers.22:19
petevgGuest1503: so the <peer_relation_joined_hook> is the correct hook. It just needs to do the right thing whenever a new peer joins.22:19
petevgGuest1503: in zookeeper's case, it writes out the peer to a list in a config file, then restarts the zookeeper daemon.22:20
petevgcory_fu: if I want to grab the latest cwr-ci bundle, this invocation should do it, right? `charm pull cs:~bigdata/bundles/cwr-ci`22:41
petevg(Or did we move it out of bigdata?)22:41
cory_fupetevg: It's in ~juju-solutions22:42
petevg... and it's singular bundle, rather than plural.22:42
petevgcory_fu: thx.22:42
petevgApparently, my bash history is all lies.22:42
jrwrencory_fu: are you using a different lint tool? `make lint` returns nothing for me.22:42
cory_fujrwren: Lint is fine now, it's `make test` that's failing now.  And the config-changed hook in the other MR22:43
jrwrencory_fu: I can't repro that either. :(  not saying its not happening though. I'm sure its something strange about my setup.  Thanks for the fast feedback. I'll have fixes tomorrow.22:45
cory_fuk22:45

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!