=== thumper-dogwalk is now known as thumper | ||
arosales | cory_fu: kwmonroe: http://i.imgur.com/QMMtsAt.gif :-) | 00:17 |
---|---|---|
lutostag | does juju support running against a snapped lxd? I get 'ERROR can't connect to the local LXD server: LXD socket not found; is LXD installed & running?' any way to fix | 01:39 |
anastasiamac | lutostag: wallyworld had some issues running with snapped lxd :) he may b the best person to help \o/ | 01:40 |
stokachu | lutostag, export LXD_DIR=/var/snap/lxd/common/lxd | 01:41 |
stokachu | lutostag, see this https://github.com/conjure-up/conjure-up/blob/master/snap/wrappers/juju | 01:41 |
lutostag | stokachu: my man!!! ty | 01:41 |
stokachu | np | 01:42 |
stokachu | lutostag, you can't have both deb and snap lxd installed though as they conflict on port 8443 | 01:42 |
stokachu | and thats hardcoded in juju | 01:42 |
lutostag | yeah, I have been fighting a bug with juju2.1rc with bootstrapping, seeing if blowing away lxd will fix (and a time to try lxd snapped on my main machine) | 01:43 |
stokachu | lutostag, i know lxd 2.8 which is in snap stable works fine | 01:43 |
stokachu | anything newer though is broken | 01:43 |
lutostag | stokachu: thanks | 01:46 |
lutostag | axw: fiddlesticks, still can't bootstrap against a wiped lxd | 01:46 |
axw | lutostag: I have no idea what's going on :/ do you have a firewall on your host perchance? ufw enabled? | 04:20 |
axw | lutostag: can you try starting a lxd container by hand, and connecting to 10.232.128.1:8443 with telnet or whatever? | 04:21 |
axw | lutostag: the only other thing I can think of that might be useful is the output of: lxc network show lxdbr0 | 04:27 |
=== frankban|afk is now known as frankban | ||
kjackal | Good morning Juju world! | 08:43 |
eeemil | How does Juju decide which subnet to use within a specific space? I'm deploying to MaaS where each machine has 2 NIC:s, one NIC is exposed to Internet and one NIC is for internal communication. I want to deploy openstack-base. If I have 2 separate spaces (one external, one internal), Juju seems to become confused. If I have 1 space with both external and internal subnet, I can't communicate with some units as | 09:46 |
eeemil | they get internal IP:s listed as public... | 09:46 |
=== frankban is now known as frankban|afk | ||
=== lukasa_ is now known as lukasa | ||
cnf | hi, how do i get juju to use a socks5 proxy for connections? | 13:10 |
cnf | or even better a pac file | 13:10 |
stub | cnf: I don't think you can. https://jujucharms.com/docs/devel/models-config has details of the various environment configuration options, but no mention of socks5. | 13:34 |
cnf | stub: that's remote proxies, from what I get | 13:36 |
cnf | i need it locally | 13:36 |
cnf | juju can't talk to the cloud API directly | 13:37 |
bdx | stub: I'm experiencing some odd behavior when requesting the same database from multiple applications, e.g. one application seems to have higher privs then the other | 13:37 |
bdx | stub: is there anything that would cause the privs for a subsequent user to be less than the user that requested the database initially | 13:39 |
cnf | hmm | 13:40 |
cnf | i think setting http_proxy works | 13:40 |
cnf | but then i get | 13:41 |
cnf | ERROR invalid URL "http://cloud-images.ubuntu.com/releases/streams/v1/index.sjson" not found | 13:41 |
bdx | stub: for example, after each app requests access to the database, one of the apps can communicate with postgres just fine, see http://paste.ubuntu.com/24046542/ | 13:43 |
cnf | hmm, can I pre-download whatever image it wants from http://cloud-images.ubuntu.com/releases/streams/v1/index.sjson ? | 13:44 |
cnf | because i need to go through a proxy to get to my controller, but not to get the image | 13:44 |
bdx | the other application just barfs on `rails c`, due to postgres acccss http://paste.ubuntu.com/24046554/ | 13:45 |
bdx | stub: I see that postgres has created the correct entries in pg_hba.conf http://paste.ubuntu.com/24046557/ | 13:46 |
cnf | hmz "getting started" with juju is turning out to be quite a rabbit hole :/ | 13:48 |
bdx | and that the database has the correct acceess for each user created http://paste.ubuntu.com/24046568/ | 13:49 |
bdx | stub: what is odd, and I'm just noticing this, is that there is a database created for each user as well as a database created with the dbname that I request in each of my charms | 13:50 |
bdx | should the postgres charm create a db named that of each user? | 13:51 |
bdx | alongside the one you request? | 13:51 |
cnf | ugh, so i guess i can't use the vsphere provider | 13:53 |
bdx | this was working for me some time ago, not sure if recent changes may have impact on what I'm seeing here or what the deal is | 13:53 |
cnf | that leaves me with nothing to try it out | 13:53 |
bdx | I had changed some perms around prior to getting that paste of the \l | 13:57 |
cnf | any suggestions? | 13:57 |
icey | I was trying to test some new logic with an upgrade charm and can't eploy local changes: https://bugs.launchpad.net/juju/+bug/1666904 | 13:58 |
mup | Bug #1666904: upgrade-charm --switch doesn't work with local charms <juju:New> <https://launchpad.net/bugs/1666904> | 13:58 |
cnf | where does juju store local config, btw? | 14:00 |
jrwren | $HOME/.local/share/juju | 14:02 |
cnf | thanks jrwren | 14:02 |
cnf | now to find a provider i can actually use | 14:03 |
cnf | hmz | 14:25 |
cnf | why would I get ERROR failed to bootstrap model: cannot start bootstrap instance: cannot run instances: cannot run instance: No available machine matches constraints: mem=3584.0 zone=default | 14:39 |
cnf | ? | 14:39 |
cnf | hmz, I can't get any of the providers working | 14:40 |
cnf | wow, maas is horrible | 14:44 |
cnf | right, 3 hours "getting started with juju", and I got nothing working | 14:46 |
cnf | i'm done for the day | 14:47 |
cnf | can't get any provider working | 14:48 |
=== frankban|afk is now known as frankban | ||
jrwren | cory_fu: I have a couple of MP for charm-haproxy. Please take a look? | 15:23 |
lazyPower | cnf - are you really done for the day? if not I can lend a hand in getting you unblocked | 15:34 |
kjackal | kwmonroe: I am merging the jenkins jobs backup and restore! | 15:50 |
cnf | lazyPower: i'm mostly frustrated atm :P | 15:51 |
cnf | got about an hour before end of day | 15:51 |
kwmonroe | ack kjackal - thanks! | 15:55 |
kwmonroe | cnf: just catching up on backscroll.. if you're still hitting the bootstrap error mentinoed above, the default bootstrap requires 3.5G of ram. you can override that with "juju bootstrap --bootstrap-constraints mem=2G", for example. | 16:00 |
cnf | yeah, that's not going to help. that was me misunderstanding maas | 16:00 |
kwmonroe | gotcha | 16:01 |
cnf | I just want to learn how juju works, but it seems to want cloud stuff I don't have available | 16:01 |
cnf | and I can't get the vsphere one working | 16:01 |
kwmonroe | cnf: sorry this isn't going smoothly! i don't have vsphere/juju experience, but i can point you to free aws creds: http://developer.juju.solutions/. i know you're about to EOD, but perhaps it's worth signing up there so you can check out juju/aws. | 16:03 |
cnf | i'll look at that for learning | 16:03 |
cnf | but i'm mostly interested in juju for setting up openstack | 16:04 |
cnf | if i am understanding things correctly, maas is pretty much the only way | 16:04 |
cnf | but thanks for that link | 16:04 |
kwmonroe | np | 16:05 |
kwmonroe | admcleod: you still around? what's the best guide for juju/maas/openstack these days? is it the openstack-base readme (https://jujucharms.com/openstack-base/)? | 16:06 |
lazyPower | cnf - MAAS on vsphere would be your best bet yeah. | 16:07 |
lazyPower | we have quite a bit of testing around that in our OIL lab | 16:07 |
cnf | add vm's to a maas controller? | 16:07 |
cnf | for testing that could work, I guess | 16:08 |
lazyPower | cnf - yep, thats how we do it. You can also skip MAAS and use the vsphere direct https://jujucharms.com/docs/stable/help-vmware | 16:08 |
lazyPower | so you have 2 options there | 16:08 |
cnf | lazyPower: yeah, I could not get that working | 16:08 |
lazyPower | ok so the vsphere provider is what was giving you heartburn attempting to bootstrap? | 16:08 |
cnf | i need to go through a proxy to get to the vsphere api | 16:08 |
cnf | and then it can't get the ubuntu img list, iirc | 16:09 |
lazyPower | can you do me a favor, just so i can get a bug filed if there's a bug in there - juju bootstrap --debug 2>&1 | tee bootstrap.log and pastebin that log? | 16:09 |
lazyPower | ooooohhh ok | 16:09 |
lazyPower | so its a localized setup, that has some restrictions our bootstrap process assumes are not there | 16:09 |
cnf | ERROR invalid URL "http://cloud-images.ubuntu.com/releases/streams/v1/index.sjson" not found | 16:09 |
cnf | it is | 16:10 |
lazyPower | you can set a proxy for the bootstrap process to use, however i do beleive it works as follows: its going to fetch the cloud image to your workstation, and then push that to the bootstrap node (the docs state this) and that might also be troublesome | 16:10 |
cnf | yeah, i can't get the image through the proxy | 16:10 |
cnf | but i need the proxy to get to the vsphere | 16:10 |
cnf | and it doesn't support my pac file, I think | 16:10 |
cnf | and i could not figure out how to download the image manually | 16:11 |
cnf | that's where I got stuck | 16:11 |
lazyPower | cnf - ok, can i get you to file a bug against our docs for this? I'd like to see if we can get you a working path to resolution. The alternative would be to install maas, and then pre-load maas with both images and vm's | 16:12 |
lazyPower | but thats a load of extra setup steps you can forego | 16:12 |
cnf | yeah | 16:12 |
lazyPower | eg: why am i setting up pxe to juju some vms? | 16:12 |
cnf | indeed | 16:13 |
lazyPower | i feel ya, let me get you a bug link | 16:13 |
cnf | the end goal is to evaluate juju as a mechanism for running openstack in production | 16:13 |
cnf | but i'm not there yet | 16:13 |
lazyPower | cnf https://github.com/juju/docs/issues/new -- can you file a bug here, describing the limitations of your setup wrt the vsphere / network limitations? | 16:13 |
cnf | i | 16:14 |
lazyPower | we can see about getting some updated docs cut around those limitations and also ping the right people to weigh in on what you would need to request from your IT staff (if applicable) for allowed proxy domains. | 16:14 |
cnf | hmm, not sure how to word this | 16:14 |
cnf | (end of day, i'm tired and hungry, i'm afraid) | 16:14 |
lazyPower | cnf - however i do believe its just the cloud image archive and the jujucharms.com api is all thats expected. Charms on the other hand will want hte cloudarchive bits. | 16:14 |
cnf | lazyPower: are you one of the devs? should I mention you in the ticket? | 16:19 |
lazyPower | cnf - I work on the charm ecosystem, but you bet feel free to ping me direct. i'm @chuckbutler on github | 16:20 |
cnf | https://github.com/juju/docs/issues/1676 | 16:21 |
cnf | I hope that's a bit clear | 16:21 |
lazyPower | cnf - thanks, acknowledged receipt | 16:24 |
lazyPower | i'll shop this with some of the core devs when they come online and see if we cant get you unblocked | 16:24 |
cnf | cool, thanks | 16:24 |
cnf | lazyPower: from what I understand, the --config sets the proxy on the remote side | 16:31 |
cnf | export http_proxy=http://ip:port/ works though | 16:32 |
cnf | except i can't download the image through the proxy | 16:32 |
lazyPower | ok so confirmed its during the client side image fetch to load the cloud image. | 16:33 |
cnf | ie "The HTTP proxy value to configure on instances, in the HTTP_PROXY environment variable" | 16:33 |
cnf | for http-proxy | 16:34 |
lazyPower | right, the bootstrap controller is going to want proxy access as well to reach the charmstore. I'm looking now for osx proxy settings you can set on the CLI to bypass thsi | 16:34 |
lazyPower | i read that you have browser proxy working, i do beleive there's a way to proxy cli tooling too, i think its with networksetup but its been quite a while since i've done that | 16:34 |
cnf | well, i have a pac file | 16:35 |
cnf | that sets proxy servers differently according to the url | 16:35 |
lazyPower | networksetup -setautoproxyurl "wi-fi" "http://somedomain.com/proxy.pac" | 16:35 |
cnf | yeah, cli tools don't respect that | 16:35 |
cnf | they use the http_proxy env var | 16:35 |
Zic | lazyPower: hi! I just saw Kubernetes 1.5.3 was out since 15th, is it already available through Juju ? | 16:36 |
cnf | (just like on linux) | 16:36 |
=== redir_holiday is now known as redir | ||
lazyPower | Zic - we are a bit behind with 1.6 code freeze. I can kick off a build and run e2e on that today if you want the 1.5.3 bump | 16:36 |
lazyPower | i suspect we can get you an edge by EOD, probably closer to beta/stable by end of week | 16:36 |
lazyPower | Zic - however, this depends on clean e2e results :) | 16:36 |
lazyPower | cnf - ok, and i guess the PAC file changes from time to time so its not really convenient to use the HTTP_PROXY url with a manual config? | 16:37 |
cnf | lazyPower: my main problem is that the vsphere api is behind a proxy, the REST of the internet is NOT | 16:37 |
Zic | was just to know :) if you have any "edge" channel that I can test on preprod I can give you some review with my usage :) | 16:37 |
lazyPower | cnf sorry for basic questions, just trying to wrap my head around the domain here. | 16:37 |
lazyPower | Zic - ok, lets shoot for later this week then my plate is full today. | 16:38 |
cnf | the pac file is always the same here, just ubuntu.com needs a DIRECT connection, and vsphere needs to go through a proxy | 16:38 |
lazyPower | Zic i'll try to get you an edge build by tomorrow, if all else fails, friday | 16:38 |
Zic | np :) | 16:38 |
cnf | lazyPower: and i can't have both in the shell | 16:38 |
cnf | and i can't split the commands, i think | 16:38 |
lazyPower | cnf thats unfortunate. I dont have a direct answer right now, let me think on this and see if we cant resolve this with some clever cli fu | 16:39 |
lazyPower | or maybe less-than-clever cli fu | 16:39 |
cnf | :P | 16:39 |
lazyPower | i'll keep up in the bug sinc eyou're close to EOD | 16:39 |
cnf | lazyPower: the only thing i can think of is download the image manually | 16:39 |
cnf | and put it somewhere juju can find it | 16:39 |
lazyPower | does that work for you? | 16:39 |
cnf | sure | 16:39 |
lazyPower | fantastic. Thanks for being patient cnf, i'll try to run down some answers regarding manual image upload and instructing juju what to do with that image | 16:40 |
lazyPower | kwmonroe nice drive by on that bug | 16:41 |
cnf | i responded to that kwmonroe | 16:42 |
cnf | to add context from here to the bug | 16:42 |
lazyPower | rick_h - when you have a sec to glance at https://github.com/juju/docs/issues/1676 it would be good to gather info on if we have encountered split proxy clouds before, and if there's a known path to success here. | 16:42 |
cnf | kwmonroe: i just noticed the no_proxy as an env var | 16:44 |
cnf | kwmonroe: setting that to ubuntu.com gets me to | 16:45 |
cnf | ERROR failed to bootstrap model: cannot package bootstrap agent binary: no prepackaged agent available and no jujud binary can be found | 16:45 |
admcleod | kwmonroe: im here, yeah - depends, what do you want to do with it? | 16:45 |
lazyPower | kwmonroe - do we know if the 2.0.3 release was pre no-more --upload-tools? | 16:46 |
admcleod | kwmonroe: oh. i see | 16:46 |
kwmonroe | oof cnf, i haven't seen that error before. lazyPower, i dunno the state of --upload-tools in 2.0.3. | 16:47 |
cnf | hmm | 16:47 |
admcleod | there is also the option of doing openstack-on-lxd on a laptop,etc | 16:47 |
lazyPower | i beleive that went away in teh 2.0 release chain but i forget when | 16:47 |
cnf | no lxd on my laptop | 16:47 |
lazyPower | it adopted new behavior where it "just does the right thing" during the bootstrap process. | 16:48 |
cnf | oh, on that | 16:48 |
cnf | might want to hide the lxd options on the osx build | 16:48 |
cnf | doesn't work, anyway :P | 16:48 |
kwmonroe | thx admcleod - cnf was working on an openstack/juju happy-fun-time, so wanted to point him at the most recent docs. atm, we're working through bootstrapping vsphere with proxies, so we'll need to get that sorted before diving into the 'stack. | 16:49 |
lazyPower | cnf - there's been work in progress to command lxd providers on remote units. | 16:49 |
admcleod | kwmonroe: yep read some of the scroll | 16:49 |
cnf | lazyPower: that would be awesome | 16:49 |
lazyPower | cnf - so you can point it at a vm and suddenly you have a developer cloud on your laptop :) | 16:49 |
lazyPower | spiffy right? | 16:49 |
cnf | yep | 16:49 |
cnf | i do that with docker things, atm | 16:50 |
lazyPower | prior to that work it was a nasty hack with socat and some tls cert syncs and other fun time stuff | 16:50 |
cnf | uhu | 16:51 |
cnf | how do you communicate with it? | 16:51 |
cnf | a socket file? | 16:51 |
lazyPower | lxd is a restful api | 16:51 |
cnf | (recent versions of ssh support forwarding socket files) | 16:51 |
cnf | i saw lxd intro at fosdem a few years ago | 16:53 |
cnf | hmm | 16:56 |
cnf | lazyPower: well, lxc (as the command) is in homebrew | 16:57 |
cnf | (also, juju doesn't like socks5:// as proxy protocol | 16:57 |
cnf | maybe i should file a bug against that as well | 16:57 |
cnf | ok, as they say, badly translated from dutch, my pipe is out | 17:01 |
cnf | i'm going home :P | 17:01 |
cnf | \o | 17:01 |
lazyPower | cheers cnf | 17:01 |
cnf | thanks for the help | 17:01 |
stormmore | o/ Juju world! | 17:18 |
=== scuttle|afk is now known as scuttlemonkey | ||
stormmore | lazyPower, you awake today? ;-) Just noticed my first "issue" with my k8s cluster. kube-dns seems to be in CLBO but the only error I see is https://gist.github.com/cm-graham/bc9ff905ca63b06c393c08e0f33a8e33 | 17:23 |
lazyPower | stormmore - thats a new one. can you file a bug for this? it looks like kubedns might be failing health checks | 17:24 |
lazyPower | stormmore - one thing we did notice, is that if you hvae a busy cluster you might be filling the max_con_table | 17:24 |
stormmore | it is failing health checks, it is how I found it | 17:24 |
lazyPower | stormmore - https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/216 | 17:24 |
lazyPower | related bug | 17:24 |
stormmore | yeah this is not a busy cluster (yet!) only running k8s services and 3 in house ones right now | 17:26 |
lazyPower | ok, that doesn't sound like it woudl be the culprit | 17:26 |
lazyPower | Cynerva ryebot - can we add a todo to add an action for re-scheduling the addons? Seems like this clears up a lot of the funky issues we've found with addons | 17:26 |
lazyPower | stormmore - one thing to try is scale the replicas to 0, then re-scale to n | 17:27 |
stormmore | being the self-hater that I am, I suspect something stupid I did ;-) | 17:27 |
lazyPower | stormmore - getting the pods rescheduled seems to unstick whatever the root cause is there | 17:27 |
ryebot | lazyPower: sure thing | 17:27 |
lazyPower | ryebot - ty, in the process of fighting with merge bots :| | 17:28 |
ryebot | np, good luck! | 17:28 |
stormmore | OK lazyPower that seems to have brought it back to a healthy state for now ;-) | 17:36 |
lazyPower | stormmore - ok, let me know if it continues to give you issues, this bit Zic before as well | 17:36 |
lazyPower | if we can identify a root cause for why kubedns is messing its own bed, it would be good to capture that and get a patch submitted upstream | 17:37 |
lazyPower | but i also know its abysmal at giving output as to why its having trouble | 17:37 |
lazyPower | :| | 17:37 |
stormmore | lazyPower, yeah I remember seeing that :-/ | 17:37 |
stormmore | still more useful than that 404 I am getting from the internal dev's container! :) | 17:38 |
lazyPower | stormmore - welp. :) | 17:46 |
lazyPower | i can only solve so much with magic and khai | 17:46 |
stormmore | lazyPower, I know this thankfully :) the devs I am working with are a little green (read a lot!) in containers | 17:51 |
stormmore | wow I am really laggy today... going up to 13secs to here :-/ | 17:57 |
Zic | lazyPower / stormmore : yep, I had this one, have you try to lurk at the logs directly through the docker container? because I didn't have any useful logs through "kubectl logs" | 18:09 |
Zic | stormmore: in my case, it was the max conn for dnsmask which was reached | 18:09 |
Zic | I just scaled kube-dns and then deleted the kube-dns pods | 18:09 |
Zic | (it respawned to respect the scale deployment) | 18:09 |
lazyPower | Zic - i dont know if thats tuneable, but we should probably investigate making that tuneable via configmaps | 18:10 |
Zic | yeah, it seems to be tuneable... at least the maxconn is in the starting process line of dnsmask container | 18:10 |
stormmore | Zic, I am no where near hitting a conntrack limit with the little number of containers I am running right now | 18:10 |
=== frankban is now known as frankban|afk | ||
Zic | stormmore: I'm running ~120 containers but only 4 was responsible of the maxconn of dnsmask | 18:11 |
Zic | because they were too heavily request resolving | 18:11 |
stormmore | lazyPower, isn't a tunable option on the hosts /proc? | 18:11 |
Zic | (was Cassandra pods...) | 18:11 |
stormmore | I am only running about a dozen right now | 18:11 |
Zic | stormmore: but all that said, it's not a conntrack limit on my case, just a software configuration-max in dnsmask container of kube-dns pod | 18:12 |
stormmore | ah :) | 18:12 |
stormmore | my team haven't realized just what we can do with kube-dns yet | 18:13 |
Zic | if you want to verify this issue, just run a `docker logs` at dnsmask container (it's bad, you should prefer kubectl logs but in that case, I didn't find these logs anywhere else except directly with docker command) | 18:13 |
stormmore | not inclined to let them in on that yet, too many other things need my attention | 18:13 |
Zic | if you have something like "dnsmask : Max request reaching (150)" (from what I remember), try to scale kube-dns | 18:14 |
lazyPower | i'm going to interject that it gives me an extreme happy face to see you two self helping and talking through these issues here... | 18:14 |
Zic | :D | 18:14 |
Zic | I personally scaled kube-dns to the number of nodes I have | 18:15 |
Zic | (one kube-dns per nodes so) | 18:15 |
lazyPower | Zic - there is a horizontal autoscaler addon for this case... | 18:15 |
lazyPower | i wonder if thats something worth investigating as its jsut another manifest | 18:15 |
Zic | yes, I know you can automatize that :) | 18:15 |
Zic | but as my nodes will not expand daily... | 18:16 |
Zic | and as you told me you will take a look for this autoscaler in CDK :D | 18:16 |
* Zic runs | 18:16 | |
lazyPower | haha | 18:16 |
lazyPower | oh sure, put the flaming bag on MY doorstep, thanks Zic ;) | 18:16 |
shewless_ | Hi. I'm trying to bootstrap my juju 2.0.3 with a private openstack environment. I'm making good progress (instance created, etc) but it seems to "hang" on Installing curl, cpu-checker, bridge-utils, cloud-utils, tmux | 18:19 |
shewless_ | any ideas? | 18:19 |
lazyPower | shewless_ - any proxy requirements in your env? | 18:19 |
shewless_ | Here is my bootstrap line: juju bootstrap --metadata-source /home/test/simplestreams --config network=9a7d0138-ecf6-4c16-a894-e033e5be9631 --config use-floating-ip=true myclouder openstack | 18:19 |
shewless_ | lazyPower: no I expect the floating ip will work | 18:20 |
shewless_ | ..and from within the instance there isn't a proxy | 18:20 |
lazyPower | shewless_ - can you capture the same command but add --debug and pastebin the logs? i imagine we can get some output as to why its hanging there. | 18:20 |
shewless_ | beauty.. I will do that | 18:20 |
cory_fu | jrwren: Sorry for the delay. Comments added to the two MRs | 18:20 |
shewless_ | also: I can't seem to ssh into the instance (public key). what's the default username created? | 18:21 |
jrwren | cory_fu: thanks! | 18:21 |
lazyPower | shewless_ - there are key credentials in $HOME/.local/share/juju/ssh so you should be able to ssh -i $HOME/.local/share/juju/ssh/id_rsa ubuntu@$IP | 18:21 |
jrwren | cory_fu: great catch on the lint. I'm sorry I didn't catch that myself. | 18:22 |
Zic | lazyPower: just a question without -> do upgrade-charm is required/advised as pure-incremental? or can I "jump" an upgrade (imagine 1.5.1 -> 1.5.3 for CDK)? | 18:23 |
shewless_ | lazyPower: thanks. I can see that resolv.conf doesn't have the nameservers I want in it. Is there an option for me to tell juju which nameservers to use? | 18:24 |
Zic | s/without// | 18:24 |
Zic | (or s/without/without real intention to do it/ if I remember what my fingers wanted to type :p) | 18:25 |
shewless_ | lazyPower: trying to set the nameserver on my pre-created network to see if that helps | 18:27 |
shewless_ | lazyPower: much better with a good DNS server! thanks for the help | 18:30 |
lazyPower | Zic - at present we dont have any dependent chains of charms so you should be g2g | 18:51 |
lazyPower | Zic - if thats not the case we'll certainly signal you before the 1.6 upgrade steps are published to help vet in your staging env | 18:52 |
lazyPower | shewless_ - awesome glad we got you unblocked :) sorry i stepped out for lunch in the middle of all that | 18:52 |
Zic | ok :) | 18:52 |
lazyPower | so close for your multi-master branch -https://github.com/kubernetes/kubernetes/pull/41910 | 18:53 |
lazyPower | once that lands and fixes the queue we should be unblocked to land the multi-master patch and you can scale your control plane. couple that with an haproxy rewrite of the apilb and you should be in HA nirvana | 18:53 |
* lazyPower isn't ambitious or anything | 18:53 | |
Zic | oh yeah | 18:54 |
Zic | with the new kube-api-loadbalancer charm, do you have plan for scaling it? | 18:54 |
Zic | like 2 apilb and a VIP? | 18:54 |
lazyPower | well we can give you the 2 apilb | 18:54 |
lazyPower | the impl of VIP would be up to your model environment | 18:55 |
lazyPower | you can ELB, you can floating ip, you can round robin dns | 18:55 |
lazyPower | or as you said, VIP | 18:55 |
lazyPower | however if you want to ELB you can probably just negate the apilb and go direct to ELB, and use that in place. but i dont have confirmation on any of that yet as its still WIP :) but yes, i dont want to reintroduce a SPF to solve HA | 18:55 |
Zic | I can maybe implement an Heartbeat VIP directly on the VM which host the kube-api-loadbalancer | 18:55 |
Zic | I think there is no overlap with Juju deployed files | 18:56 |
Zic | lazyPower: this part (master & kube-api-loadbalancer) of the cluster is not hosted @aws | 18:57 |
Zic | lazyPower: I can share you something in private :) | 18:57 |
stormmore | lazyPower, well it is back :-/ going to go look at the docker logs in a little bit | 18:59 |
shewless_ | lazyPower: Now I'm trying to add some charms via the gui... I see an instance is created in openstack but the charm just says "pending" - hints at where the logs are? | 19:04 |
lazyPower | shewless_ juju debug-log would be a good place to start | 19:06 |
lazyPower | if the instances aren't coming back you might need to remote into the controller or switch to the controller model and check the logsync | 19:06 |
shewless_ | lazyPower.. hmm the logs are showing things happening.. maybe I just didn't wait long enough | 19:09 |
lazyPower | shewless_ - i can be a process sometimes depending :) | 19:09 |
shewless_ | BTW will it download images as needed or do I need to provide them like I did in order to bootstrap? | 19:09 |
lazyPower | shewless_ - should download as needed, it pulls that data from simplestreams | 19:10 |
shewless_ | lazyPower: so I have to add the images to the simplestream then? | 19:10 |
lazyPower | shewless_ - give me a moment to re-read thread. i'm in standup and want to answer this correctly | 19:11 |
stormmore | lazyPower, nothing there other than the sidecar's log showing the connection refused | 19:13 |
lazyPower | stormmore - that sounds suspect and similar to Zic's issue where its a conmax on the daemon | 19:14 |
lazyPower | stormmore - if you sale kubedns to 3 replicas does it continue to be a CLBO issue? | 19:14 |
Zic | to fetch the dnsmask logs, I needed to use `docker logs <container>` directly at the kubernetes-worker which host the Pod's containers, because through `kubectl logs` I have nothing interesting | 19:16 |
stormmore | scaling up now to find out :) | 19:16 |
Zic | days after, I think it was because I didn't know the `kubectl logs kube-dns --container dnsmask` :p | 19:16 |
Zic | +syntax | 19:16 |
stormmore | Zic, yeah I did that to confirm that I was seeing the same output in the container logs in the kubernetes dashboard too | 19:18 |
stormmore | OK it is scaled and green (for now!) | 19:18 |
stormmore | lazyPower, if you are correct, scale is not the issue since I basically had the default pods setup | 19:19 |
Zic | stormmore: you have maybe one container/pod which "talk" a lot to kube-dns | 19:20 |
Zic | in my case, it was not the number of Pods I have, this error was triggered by only 4 pods | 19:21 |
Zic | was Cassandra pods misconfigured, which try to querying kube-dns in loop | 19:21 |
stormmore | Zic, nope only basic nodejs containers that are not really aware of their environment yet. | 19:24 |
stormmore | lazyPower, definitely isn't working, the new pods are in a restart loop already | 19:24 |
Zic | stormmore: if you tail -f /var/log/syslog at your kubernetes-master, do you have any suspect lines ? | 19:25 |
Zic | as I understood, kube-dns healthz/readyness is checked through the API | 19:25 |
Zic | so check if you see any denied or error GET at kubernetes-master | 19:26 |
stormmore | nothing but a bunch of 200s | 19:37 |
lazyPower | hmmm... somethigns amiss if you aren't getting error output in the console and the api is giving you 200's | 19:38 |
lazyPower | stormmore - ok lets try to reduce to square 1, can you whole sale remove the kube-dns deployment and reschedule? the rendered template is in /etc/kubernetes/addons/ | 19:38 |
lazyPower | stormmore - i'd like to get you to attach and tail the container logs and kubectl log output for the application pods until it reaches CLBO. we might catch something happening | 19:39 |
lazyPower | this is where i wish i had prometheus monitoring completed, we could likely scrape the issue out of the metrics. | 19:40 |
stormmore | yeah that would be nice too :P | 19:40 |
lazyPower | future me will appreciate it :) | 19:40 |
lazyPower | but present me hates that its not there | 19:40 |
stormmore | so basically you want me to detroy / recreate the kubdns deployment, right? | 19:42 |
Zic | (lazyPower: CDK plans to integrate Prometheus as default? or through a third-party charm?) | 19:42 |
lazyPower | third party charm - i'm 90% certain of that | 19:42 |
stormmore | as for the log output lazyPower, you want the container logs from all 3 containers in the pod, right? | 19:42 |
lazyPower | there are already helm charts to deploy prometheus if you want it today, but thats not a very juju-style answer. what do you do when your k8s is sick and you want that data? :) | 19:42 |
lazyPower | stormmore - yeah, we'll need all 3 to correlate | 19:42 |
stormmore | ack | 19:43 |
Zic | because I'm scratching my head to add metrics to our Nagios/Naemon by hands... if a Promethus charm automatize this, it will helps me a lot, I confirm :p | 19:43 |
lazyPower | Zic - thats the idea, you betchya | 19:43 |
Zic | my Naemon's metrics are curently just a bunch of curl to the K8s API status :/ | 19:44 |
Zic | for pods, nodes, services... | 19:44 |
Zic | it's kinda creep | 19:44 |
lazyPower | Zic - in the interrim there's always BEATS | 19:44 |
lazyPower | and with metricbeat you can create custom metrics fairly easily | 19:44 |
lazyPower | which could in turn handle that and stuff it in ES to be graphed with kibana | 19:44 |
Zic | Beats just sond like horrible earpods in my head | 19:45 |
Zic | do I miss something? :D | 19:45 |
lazyPower | elastic released golang based agent's to ship arbitrary metrics | 19:45 |
Zic | s/sond/sounds* | 19:45 |
lazyPower | Zic https://insights.ubuntu.com/2016/09/22/monitoring-big-software-stacks-with-the-elastic-stack/ | 19:45 |
Zic | "elastic stack" sounds as ELK now, ARGH! :p | 19:46 |
lazyPower | its the successor to ELK | 19:46 |
Zic | oh nice | 19:48 |
Zic | because my current Naemon checks looks like (ugly) this: `curl -sk https://<kubeapi-load-balancer/api/v1/pods | grep phase` for Pods status for example | 19:49 |
Zic | I'm trying to avoid grep and use "jq" instead, as it stdout is JSON | 19:49 |
lazyPower | yeah, metricbeat can just poll that whole json feed, and stuff it in ES | 19:49 |
lazyPower | you can then subquery in teh dashboard to make nice timeseries charts out of it. | 19:50 |
lazyPower | or do additional parsing in logstash, whatever your business logic is | 19:50 |
lazyPower | the idea is to be flexible and give you a swiss army knife to make meaningful reports based on whats important to you as an operator / analyst | 19:50 |
lazyPower | thats why i fell in love with beats, you dont have to code your app to integrate with it like you do with prometheus | 19:50 |
stormmore | well it is re-provisioned and running green for now, going to make a cup of tea and see if it can last at least that long | 19:51 |
Zic | my main concern is for alerting (we have TVs which displayed the current status of all our platforms at office) and mail-alerting/SMS for our on-call rotation | 19:51 |
lazyPower | stormmore - ok, thanks for doing the debug work, i'm concerned that theres a hidden dragon in here we've not encountered so therefore we aren't accounting for. | 19:51 |
lazyPower | you're the second user thats reported kubedns failures in < 1 month. its likely that release of the addon might just be hinky | 19:52 |
Zic | all these are linked to Naemon for now | 19:52 |
Zic | but as we're testing Prometheus of others platform, it will be nice to have it for CDK also :D | 19:52 |
Zic | s/of/for/ | 19:52 |
lazyPower | Zic - its future work but on the roadmap :) again, i'll ping ya when somethings brewing there | 19:52 |
lazyPower | happy to help you clean up addon services to replace with charms, because thats how we roll | 19:53 |
stormmore | not a problem, least I can do :) | 19:55 |
stormmore | although the bad good news might be that the rescheduled deployment might have solved the problem | 19:57 |
Zic | in any case, even if I don't have anymore CLBO or dnsmask maxconn reached on kube-dns, it continues to restart sometime, but as I scaled them, at least they are not restarting at the same time, so no unavailability : http://paste.ubuntu.com/24048434/ | 19:57 |
Zic | look at restarts column | 19:57 |
Zic | as lazyPower said, this kube-dns release seems to not be so stable :/ | 19:57 |
stormmore | so far I am not seeing any connection refused errors in the sidecar container which was what I was setting before | 19:58 |
lazyPower | stormmore - might be a sync issue :| | 19:59 |
lazyPower | i'm not impressed with this release of kubedns. when we circle back to the 1.5.3 release we'll grab the latest manifests for that rel and see if we can get this resolved via addon bumps | 19:59 |
lazyPower | but i'm not hopeful | 19:59 |
Zic | it's not blocking as I have like stormmore a hard CLBO before, now it's scaled, I just have some "instant-restart", and not all at the same time | 20:01 |
Zic | but it's weird :/ | 20:01 |
stormmore | does make me question the decision to use kubernetes / docker vs some lxd type environment right now | 20:02 |
stormmore | dns seems critical enough to me that it needs to be stable | 20:02 |
lazyPower | i'm sure if we gather enough info and bug it, that it'll get fixed | 20:03 |
lazyPower | we just need to find that root cause and get it contributed | 20:03 |
lazyPower | if its biting us, its biting other users | 20:03 |
lazyPower | and i'd rather not throw the baby out with the bath water :) but on that note stormmore - i'm more than happy to support you in a move to lxd as well. because LXD is the bees knees | 20:03 |
stormmore | oh agreed, questioning isn't going to keep me from figuring it out | 20:03 |
stormmore | lazyPower, I just need to do my research on Docker to LXD | 20:04 |
Zic | we're not planning to use Kubernetes and LXD at the same place here, we're using Kubernetes as PaaS (= our customer managed which pods are running, we are managing the deployment and the availability of the cluster) ; for full-managed infrastructure, we're curently using VMware ESXi or Proxmox, and LXD will be part of this list | 20:05 |
stormmore | lazyPower, from the little research I have done, outside of maybe Juju, LXD management / orchestration isnt as mature as k8s | 20:05 |
Zic | TL;DR: Kubernetes as Docker's orchestrator / LXD as hypervisor, even if LXD use LXC-component of containers, it's more like VMs | 20:07 |
Zic | the only things that have a "versus" to Kubernetes is Swarm or Rancher, with less features | 20:08 |
Zic | (we have some Rancher here, and our PoC of Swarm was not satisfying) | 20:08 |
stormmore | oh I definitely get that by management, I mean things like the kubenetes dashboard level maturity | 20:09 |
lazyPower | ehhhhhh | 20:09 |
lazyPower | not so sure i agree with that sentiment, but i'm clearly biased | 20:09 |
lazyPower | so i'll let you come up with your own conclusions, however lxd has been in prod here at canonical since release, and before that with lxc. flockport even wrote an entire hosting company based on lxc | 20:10 |
stormmore | lazyPower, don't get me wrong the juju gui is one of the nicest guis I have seen but it doesn't have the level of data that the kubernetes one does | 20:10 |
lazyPower | well sure, those are wildly different use cases | 20:11 |
lazyPower | the juju gui is only intended to be used for modeling your applications and then routine tasks. There hvae been many requests to integrate things like ssh in the browser, log aggregation, etc. | 20:12 |
lazyPower | i dont think we've had the manpower to promote that in priority however, as other things like model migrations and what not have taken precedence. | 20:12 |
Zic | I didn't touch the Juju webUI since I finished the deployment personally, I'm doing all post-stuff with the juju-cli only | 20:12 |
lazyPower | which are arguably larger / important features for the core of juju to have. | 20:12 |
lazyPower | yeah | 20:12 |
lazyPower | we find that most operators tend to do that | 20:12 |
Zic | and it was for our baremetal/manual installation | 20:13 |
lazyPower | myself included, i look at the juju ui during testing only or when i'm mocking something up quick to share. | 20:13 |
Zic | for labs, with conjure-up, I didn't use Juju WebUI at all | 20:13 |
lazyPower | but that being said | 20:13 |
lazyPower | comparing apples/oranges here :) | 20:13 |
lazyPower | i found this though | 20:13 |
lazyPower | https://github.com/aarnaud/lxd-webui | 20:14 |
lazyPower | i haven't used it, and it looks a bit long in the tooth- 9 months since last contri - however... looks neato | 20:14 |
stormmore | not faulting juju at all, just s saying from a cluster management perspective the kubernetes dashboard is awesome | 20:14 |
lazyPower | stormmore - well its a good thing we grabbed it for part of the CDK :D I'm happy i could deliver on that one | 20:14 |
lazyPower | stormmore - still no issues with kube-dns? | 20:15 |
Zic | here it's that way: LXD is used as an hypervisor (and have a take on Proxmox, VMware ESXi, KVM) even if it use LXC-container-echnologies-inside ; Juju is used as a tool to deployed and managed highly-complicated platform like K8s or OpenStack ; Kubernetes is used for a customer which come with "I have 100 docker running at a raw-dockerd, do you have something to orchestrate them and pass to production?" :) | 20:15 |
lazyPower | if its running idle as it should right now, i fear we're running into a race condition with the pods or a sync issue or something similar. Just keep that pipeline open and if you catch something dump the logs and lets bundle up for an issue, even if its inconclusive results. | 20:15 |
stormmore | lazyPower, Zic I use the command line more often than not for things but it is always nice to have readily available "pretty pictures" to show people | 20:16 |
stormmore | and lazyPower still green | 20:16 |
lazyPower | ok, sounds good. Thanks again, i'm going to context switch back into the etcd bits and focus on landing this multi-master PR | 20:17 |
lazyPower | ping me if you need anything. otherwise i'm resuming silent operation | 20:17 |
stormmore | yeah I am going to go back to determine my permissions issue solution | 20:17 |
Zic | lazyPower: the good thing I note for later is that you're at the middle of your office-day when I'm on-call rotation :p | 20:19 |
Zic | (it's 21:19 here o/) | 20:19 |
Zic | and I'm on-call this week :p | 20:19 |
stormmore | I can happily say I am not on call at the moment :) | 20:23 |
Zic | :D | 20:25 |
stormmore | oh that just means I have more time to architect and design environments for now | 20:43 |
cory_fu | jrwren: http://pastebin.ubuntu.com/24048767/ on the test now | 20:55 |
cory_fu | jrwren: And on the other MR: http://pastebin.ubuntu.com/24048870/ | 21:13 |
kwmonroe | petevg: i need your unit test guru status. i wanna unit test actions. my actions have hyphens in the name "do-stuff" wihtout a .py extension. that makes imports hard. my workaround is to have "do-stuff" import ./stuff.py, and call "stuff.action()". then i just unit test stuff.py. any better way? | 21:45 |
petevg | kwmonroe: Your way sounds pretty good. Not naming a python script "blah.py" is kind of an anti pattern, so the workaround isn't necessarily going to be pretty. | 21:47 |
petevg | kwmonroe: you could also copy the file to a temp dir, with a ".py" extension, and import it from there. | 21:48 |
petevg | kwmonroe: ... or you could try to hack on Python's import command, to make it work wit a non .py file. Shouldn't be too scary, but I don't know what you'd do off the top of my head. | 21:48 |
kwmonroe | omg petevg, i don't know why i talk to you. you went from "sounds pretty good" to "this is gonna hurt" in like 2 messages. | 21:49 |
petevg | Just trying to be helpful :-) | 21:49 |
kwmonroe | well i'm all for anti anti-patterns, but i don't belive actions can have a suffix, which makes this particularly annoying | 21:50 |
lazyPower | lib + wrapper, or action == executor action.py == library | 21:51 |
kwmonroe | i do appreciate the alternatives petevg! just giving you grief. also, it's 85F here in texas, i'm coding by the pool. how's shoveling your driveway going? | 21:51 |
lazyPower | i dont know what that would do tho, if you use foo executor and foo.py... if it would give you grief during import | 21:51 |
petevg | kwmonroe: The snow is actually basically melting, because it's kind of the same thing as being 85F here, relatively speaking :-p | 21:53 |
kwmonroe | wait lazyPower, i don't follow your == suggestions. are you suggesting symlink the action to action.py? | 21:53 |
petevg | Ooh. A temp symlink > temp file. | 21:53 |
lazyPower | symlinks would work | 21:54 |
lazyPower | slightly opaque, but doable | 21:54 |
kwmonroe | i know the bashism to call a method based on $0, but how do you do that in python? | 21:54 |
lazyPower | sys.argv[0] | 21:54 |
kwmonroe | nice | 21:55 |
kwmonroe | nm, i hate that for the same reason i hate trying to follow old charms with links to hooks.py. | 21:58 |
kwmonroe | i'll just shell out to "java -jar myaction.jar <func>" like matt taught me. | 22:00 |
Siva | I want to know number of units of a charm deployed in the charm code | 22:00 |
=== Siva is now known as Guest1503 | ||
Guest1503 | How can I find that? | 22:00 |
petevg | kwmonroe: it looks like there's a way to do it, no hacking needed, with the "imp" module. Or so says Stack Overflow: http://stackoverflow.com/questions/2601047/import-a-python-module-without-the-py-extension | 22:01 |
Guest1503 | I want to find out the ipaddress of all the peer units deployed. How can I find that from within the charm code? | 22:06 |
petevg | Guest1503: if the peers in the charm have a relation to each other, you can query the conversations in the relation. | 22:07 |
petevg | For an example, see the interface the Zookeeper charm uses to wrangle its peers at https://github.com/juju-solutions/interface-zookeeper-quorum/blob/master/peers.py | 22:08 |
petevg | Guest1503: this assumes that you're writing a layered charm using the reactive framework, and it does require writing an interface. If you have some trouble figuring out how everything works, I might be able to answer specific questions. cory_fu might be able to help you out, as well. | 22:09 |
Guest1503 | @petevg, I am not writing layered charms....normal charms based on the hooks | 22:11 |
petevg | Guest1503: I'm afraid that you've stepped outside of my area of expertise, then :-/ Does anyone else have any advice on doing interface style stuff in an older style charm? | 22:13 |
Guest1503 | @petevg, in my case I want to make sure I have all the peer ip's before I do some operation. The problem is how do I find out the num_units you specify in the bundle in the charm code? | 22:14 |
cory_fu | Guest1503: Either way, you will need to use a peer relation. On the <peer-relation-name>-relation-joined hook, you should be able to use `relation-get private-address` | 22:14 |
Guest1503 | @cory_fu, Yes that will work.. but for me I need a way to know if all the peer relation ip's have been fetched | 22:15 |
Guest1503 | How do I find that out? | 22:15 |
cory_fu | Or you could iterate over the peers in any hook using related-units, and call relation-get with an explicit relation-id and unit | 22:15 |
petevg | Guest1503: I'd consider refactoring so that your charm can handle an additional peer joining after you've done whatever processing that you're doing. Someone can add another peer with "juju add-unit" at any time, so the code will need to handle the case where you add a peer, anyway. | 22:16 |
cory_fu | What do you mean by "all the peers"? Each unit will be able to see all of the peers that are connected to it, though it might take a small amount of time before a new peer is connected to all of the other units | 22:17 |
cory_fu | Right, what petevg said. You can always add more units | 22:17 |
cory_fu | Or remove them | 22:17 |
Guest1503 | @cory_fu, say I deploy 3 units of a charm using a bundle... so you recommend the 'for' loop for peers in a some other hook rather than <peer_relation_joined _hook? | 22:18 |
petevg | Guest1503: the "best practice" pattern is "this hook/event fires off when I have a new peer on my relation, and I do the appropriate thing." There isn't really a "wait until all my peers have come up" event, because you can never be confident that the operator is done adding peers. | 22:19 |
petevg | Guest1503: so the <peer_relation_joined_hook> is the correct hook. It just needs to do the right thing whenever a new peer joins. | 22:19 |
petevg | Guest1503: in zookeeper's case, it writes out the peer to a list in a config file, then restarts the zookeeper daemon. | 22:20 |
petevg | cory_fu: if I want to grab the latest cwr-ci bundle, this invocation should do it, right? `charm pull cs:~bigdata/bundles/cwr-ci` | 22:41 |
petevg | (Or did we move it out of bigdata?) | 22:41 |
cory_fu | petevg: It's in ~juju-solutions | 22:42 |
petevg | ... and it's singular bundle, rather than plural. | 22:42 |
petevg | cory_fu: thx. | 22:42 |
petevg | Apparently, my bash history is all lies. | 22:42 |
jrwren | cory_fu: are you using a different lint tool? `make lint` returns nothing for me. | 22:42 |
cory_fu | jrwren: Lint is fine now, it's `make test` that's failing now. And the config-changed hook in the other MR | 22:43 |
jrwren | cory_fu: I can't repro that either. :( not saying its not happening though. I'm sure its something strange about my setup. Thanks for the fast feedback. I'll have fixes tomorrow. | 22:45 |
cory_fu | k | 22:45 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!