[01:02] <Budgie^Smore> I just found the "inspiration" for hardening maas once I have my cluster bootstrapped :)
[01:13] <stormmore> ok that feels better... weird how not having a tool really puts you off your game
[01:39] <stormmore> hey lazyPower have you seen the ATT Community Development github repos?
[08:01] <ybaumy> hi. i'm trying to deploy openstack with juju charms which creates containers inside containers. but somehow the permissions are not inherited
[08:01] <ybaumy> i'm using xenial
[08:03] <ybaumy> show-machine says for the containers that creating container: failed to change ownership of /var/lib/lxd/containers/juju.../rootfs
[08:24] <ybaumy> i set security.nesting to true but that doesn't change the behaviour
[09:06] <lazyPower> ybaumy: are you using zfs pools?
[10:01] <ybaumy> lazyPower: no
[10:32] <ybaumy> i filed a bug report to see what the devs say to this
[13:57] <ybaumy> so i read i had to do an lxd init to correctly inherit permission from the parent container. i thought maybe i could trick the deployment in setting up the machines manually and then starting the deploy process. but the deploy just created new machines and didn't use the ones i set up
[13:57] <ybaumy> so same result
[13:59] <ybaumy> there is a -to parameter for deploy but i don't know how to say .. like use machine from o1-5
[14:01] <ybaumy> does anyone know how to bind bundles to a set of machines?
[14:06] <ybaumy> is there somebody online from the devs in my timezone?
[14:06] <ybaumy> which is CET
[15:13] <rick_h> ybaumy: bundles don't support existing machines as that makes them not a reusable model.
[15:14] <rick_h> ybaumy: there's a feature item to make that part of the deploy command so you can map the machines in a bundle to existing machines in a clean wau
[15:14] <rick_h> way
[15:14] <rick_h> But it's not available yet
[15:25] <ybaumy> rick_h: can you explain to me if it's a bug that permissions are not correctly inherited in a container->container model
[15:26] <rick_h> Permissions of what?
[15:26] <rick_h> ybaumy: ^
[15:26] <ybaumy> show-machine says for the containers that creating container: failed to change ownership of /var/lib/lxd/containers/juju.../rootfs
[15:26] <ybaumy> like 0/lxd/0
[15:27] <ybaumy> that's the problem i'm having
[15:27] <rick_h> ybaumy: out of the box juju does not support nested containers with the default lxd profile. Doing so is a security concern. Lxd ships a different profile for that use case.
[15:27] <ybaumy> rick_h: so what can i do?
[15:28] <rick_h> ybaumy: I know conjure-up and the lxd on OpenStack work (novalxd) do some updates to the profile to work.
[15:28] <ybaumy> rick_h: i got conjure-up working but i wanted to try juju deploy
[15:29] <ybaumy> rick_h: but i can live with that ... if there is no way
[15:29] <rick_h> ybaumy: https://insights.ubuntu.com/2016/12/07/lxd-2-0-lxd-and-openstack-1112/ and some other notes with the OpenStack bundles/etc have some instructions
[15:30] <rick_h> https://github.com/openstack-charmers/openstack-on-lxd/blob/master/README.md
[15:30] <rick_h> ybaumy: I'd check out ^ as that comes from the team working on those OpenStack charms
[15:31] <ybaumy> rick_h: ok i will. thanks for the links.
[15:31] <rick_h> ybaumy: good luck
[15:31] <ybaumy> thx
[16:31] <ybaumy> i'm now trying vmware + juju let's see how to deploy openstack there
[16:43] <ybaumy> rick_h: this looks much better ... no permission problems here. i should have tried that in the first place
[16:53] <ybaumy> but too bad. the install hooks are exiting with error
[16:53] <ybaumy> i guess i have to manually roll it out
[16:59] <rick_h> ybaumy: what's the install hook errors?
[17:05] <ybaumy> rick_h: i checked one server and it says in the machine.log in /var/log/juju that no kvm containers are possible
[17:05] <ybaumy> rick_h: it then exits with 1
[17:07] <ybaumy> that was on node 0 .. on node 1 i see the same message but also lxd init messages
[17:08] <ybaumy> rick_h: it's not possible in this state to run lxd init. which i understand since a lxd instance is already running
[17:12] <ybaumy> i get the KVM message on every node
[17:15] <ybaumy> btw i'm using xenial stable... should i switch to beta?