/srv/irclogs.ubuntu.com/2018/02/06/#juju.txt

=== frankban|afk is now known as frankban
gsimondonHi, is there a way to NOT use ncurses based UI during Canonical K8s installation?11:08
magicaltroutgsimondon: depends where you're trying to install it11:15
magicaltroutif you're doing a local LXD install you'd have some fun11:15
magicaltroutif you're doing a cloud based install, you can  juju bootstrap and then just juju deploy canonical-kubernetes11:16
magicaltroutyou don't have to use conjure up11:16
gsimondondoing bare metal11:19
gsimondon@magicaltrout all localhost, bare metal, multi node proof of concept installation11:20
gsimondon@magicaltrout but I don't want any UIs and I want to automate the process... without hacking around11:20
magicaltroutsorry gsimondon yeah in that case you can do what I do all the time11:55
magicaltroutand do a juju manual cloud bootstrap11:56
magicaltroutand then just place workloads on units11:56
magicaltrouthttps://jujucharms.com/docs/2.2/clouds-manual11:56
magicaltroutthat one11:56
magicaltroutthen i usually just look at https://api.jujucharms.com/charmstore/v5/canonical-kubernetes/archive/bundle.yaml11:57
magicaltroutand "juju deploy" the required services and then "juju add-relation" to join them up11:57
magicaltroutso if you have 5 baremetal servers you could do11:57
magicaltroutjuju deploy easyrsa --to 111:57
magicaltroutjuju deploy etcd --to 111:58
magicaltroutjuju deploy kubernetes-master --to 211:58
magicaltroutand so on11:58
magicaltroutthen11:58
magicaltroutjuju add-relation kubernetes-master etcd11:58
magicaltroutetc11:58
rick_hmagicaltrout: gsimondon to be fair, with the 2.3 work you can update the bundle machine numbers and use --use-existing12:12
rick_hto help automate it into a single bundle deploy now12:13
magicaltroutah yeah12:15
magicaltroutforgot about that12:15
rick_hlife-easier++12:17
gsimondonrick_h: magicaltrout, thanks a lot.15:30
kwmonroemagicaltrout: there's also conjure-up in headless mode.. if you specify the spell plus a cloud, c-u will do it's thing with all defaults selected.  it will try to bootstrap, but you can also specify a pre-existing controller... so if i have a bootstrapped controller called aws-e, this will do a headless deploy of k8s-core: conjure-up kubernetes-core aws/us-east-1 aws-e16:38
kwmonroei know gsimondon already left, so that's just an fyi for you magicaltrout.  you're welcome.16:38
kwmonroeaaaand docs, https://docs.ubuntu.com/conjure-up/2.2.0/en/usage#running-in-headless-mode16:39
rick_hkwmonroe: oooh, more learnings16:39
rick_hlol16:39
kwmonroerick_h: put that in your tips & tricks doc ;)16:40
kwmonroejk, i know you don't have one.16:40
rick_hkwmonroe: :P16:40
kwmonroehey cory_fu, what's a good convention for setting a new key with data_changed('foo', bar)?  i'm trying to avoid name collision.  do most people prefix the key with the layer name?  or does data_changed jam some uuid in front of the key already?17:03
kwmonroenm cory_fu, i see https://github.com/juju-solutions/charms.reactive/blob/master/charms/reactive/helpers.py#L144.  i will make my own uniqueness.17:08
kwmonroethough it's nice to know it's somewhat isolated with reactive.data_chagned.17:09
cory_fukwmonroe: Yeah, there's not really a way it could reliably do a uuid, so it's up to you, but it does have the built-in prefix and I'd recommend using the layer name as well17:23
kwmonroe+1 cory_fu17:24
=== frankban is now known as frankban|afk
arosalesmanual provider question on juju 2.319:57
arosalesI can `ssh ubuntu@<ip>` from my client machine19:57
arosalesbut from that same machine when I try to bootstrap the manual provider I get "Permissioned denied (publickey)"19:58
arosalesany tips in juju 2.3 and manual provider I should be aware of ?19:58
thumpero/ arosales20:04
thumperarosales: I only got the last two lines of your post... what is the issue?20:04
arosalesthumper: hello :-)20:11
arosalesthumper: https://paste.ubuntu.com/26531789/20:11
thumperarosales: um... did you try to bootstrap manual from within the machine itself?20:12
arosalesnope, client is on my laptop where ssh keys are20:13
arosalesbootstrap node is on DigitalOcean20:13
arosalesI also sshed into the target node and imported my ssh keys just to be sure20:13
arosalesconfusing part is I can ssh just fine from the same node I am trying to bootstrap from20:13
thumperarosales: when adding the ipaddress for the cloud20:15
thumpertry ubuntu@...20:15
yosefrowarosales, maybe its using the keys in ~/.local/share/juju/ssh20:15
arosalesfrom --debug I saw juju grabbing my key from ~/.ssh/id_rsa.pub20:18
arosalesbut perhaps it is not actually using it . .  .20:18
arosalesI can try to put my key into ~/.local/share/juju/ssh20:18
yosefrow@arosales, I wouldnt suggest overriding the key in ~/.local/share/juju/ssh because juju may have installed it elsewhere. Instead, you can try adding ~/.local/share/juju/ssh public key to the node you are trying to manually bootstrap20:19
yosefrowin the remote nodes authorized_keys file20:19
arosalesto confirm my understanding though if I can `ssh ubuntu@<ip>` then juju should be able to ssh to the same node, correct?20:20
yosefrow@arosales, this part isnt clear to me. But as i said if you are trying to troubleshoot. You can *try* to add the pubkey in ~/.local/share/juju/ssh to the authorized_keys file in the remote node. I honestly dont know why you cant ssh there20:24
yosefrowvia juju20:24
magicaltrouti ended up in a weird loop back ssh thing arosales a few months ago20:27
magicaltroutwhere the remote machine and my local machine had the same key20:27
magicaltroutand it got very confused20:27
arosalesyosefrow: the target node will not have ~/.local/share/juju/ssh initially20:28
arosalesit will just be stock ubuntu with my ssh key on it20:29
arosalesmagicaltrout: what did you do to resolve?20:29
thumperarosales: it is probably trying to use your name for the SSH key source on the target machine20:30
yosefrow@arosales, i meant to try to put the public key from your juju client machine folder ~/.local/share/juju/ssh into ~/.ssh/authorized_keys on the remote mahcine. but its just a shot in the dark20:30
thumperyou only entered the ip address of the machine (which admittingly is all it asked for)20:30
thumperbut I think you need to say ubuntu@59.65.74.15020:30
thumperubuntu@159.65.74.15020:31
arosalesthumper: ahhh, let me try that20:31
yosefrow@arosales, did you manually edit your target nodes ~/.ssh/authorized_keys?20:34
yosefrownevermind i saw earlier that you did20:34
magicaltroutjust juggled my keys around arosales20:34
arosalesthumper: https://paste.ubuntu.com/26531916/20:35
arosalesthumper: looking for ubuntu on my laptop now . .  .20:35
arosalesmagicaltrout: gotcha20:35
yosefrow@arosales, the issue was you were trying to use a hostname instead of ip?20:35
arosalesI was only using IP20:36
yosefrowaaah20:36
arosalesthumper suggested I append a user name20:36
yosefrow@thumper, arosales , this line is misleading: Enter the controller's hostname or IP address: ubuntu@159.65.74.15020:37
yosefrowit should probably say ssh login or user@hostname20:37
yosefrowseems like a kind of bug to me20:37
arosaleswell putting ubuntu@<IP> didn't work for me20:38
arosaleslooks for ubuntu on my local machine, which doesn't exist20:38
yosefrow@arosales, it looks like earlier you just tried ip and it failed, then you tried ubuntu@ip and then it worked. Is this correct?20:39
arosalesnegative20:39
arosalesdid _not_ work with ubuntu@ip20:40
yosefrow@arosales, try adding the user ubuntu20:43
yosefrowto the machine you are trying to add20:43
arosalesits there on the target controller20:43
arosalesI can `ssh ubuntu@<IP>`20:44
yosefrowfrom your current user?20:44
yosefrowthe same user you are using to bootstrap juju?20:44
arosalescorrect20:44
yosefrow@arosales, juju bootstrap manual/192.168.1.128 mycloud20:47
yosefrowhttps://jujucharms.com/docs/2.3/clouds-manual20:47
yosefrowso in your case juju bootstrap manual/159.65.74.150 po120:47
arosalesyosefrow: also tried that, and didn't work --- note you have to drop the last arg. In your command "po1"20:49
yosefrowwhy would you drop the last arg ?20:49
yosefrowwiki says to include it, doesnt it?20:49
arosalesyosefrow: https://paste.ubuntu.com/26531977/20:50
arosalesthe docs do, but alas20:50
yosefrowwhat version of juju are you using?20:50
arosales2.3.1-xenial-amd6420:50
yosefrowdocs for 2.3 say Usage: juju bootstrap [options] [<cloud name>[/region] [<controller name>]]20:52
yosefrow,20:52
arosaleslooks like a 2.3.2 may be out there. I'll see if that has the same results20:52
yosefrow@arosales, not $ juju bootstrap 159.65.74.150 manual/159.65.74.150 do20:52
yosefrowinstead do $ juju bootstrap manual/159.65.74.150 do20:52
arosalesyosefrow: did you see my pastbin?20:53
yosefrowyes you have an extra ip20:53
yosefrowin there20:53
arosalesah yes, my syntax error20:54
arosalessame perm error20:54
yosefrowpatebin?20:54
arosaleshttps://paste.ubuntu.com/26532007/20:54
arosalessame error with 2.3.2 and manually adding ~/.local/share/juju/ssh/juju_id_rsa.pub juju-client-key to the authorized_keys file for both root and ubuntu users on the target bootstrap node21:00
yosefrowhmmm21:01
yosefrowi did this before21:01
yosefrowand it was easy. thats why this is stumping me now21:02
yosefrowi wish i had documented it21:02
yosefrowlet me examine the error again21:02
arosalesno worries, yosefrow I appreciate the help21:02
arosalesI can add anyone's ssh key to this server if they want to try and bootstrap21:03
arosalesright now its just a test machine21:03
arosalesin theory juju just need ssh key access to the machine, which I thought it would get from ~/.ssh/21:03
arosalesobviously I am missing something21:04
yosefrowlook in ~/.local/share/juju for a file called environments21:04
yosefrowenvironments.yaml21:04
arosalesyosefrow: doesn't exist on my machine21:05
yosefrow@arosales, i see an archaic usage of bootstrap-user probably not used anymore in 2.321:11
* arosales nods21:12
yosefrowwhats your juju client user?21:12
yosefrowarosales?21:13
arosalesI believe so, how do I confirm?21:14
yosefrow`whoami`21:15
arosalesoh, just on the local machine -- yes "arosales"21:15
yosefrowmv ~/.juju to ~/.juju.bak, remove ubuntu user from the remote machine21:17
yosefrowlets start over21:17
yosefrowremove ubuntu user in remote machine if not needed21:18
yosefrow@arosales,21:19
yosefrowlet me know when you done it21:19
arosalesdone, I'll start with a fresh DO instance as well21:20
yosefrowsorry meant to say mv ~/.local/share/juju21:20
yosefrowto ~/.local/share/juju.bak21:20
yosefrowmv ~/.cache/juju to ~/.cache/juju.bak as well21:21
arosalesk, done21:22
yosefrowcreate a new manual cloud specify just the ip of the node u want to be controller21:24
arosalesk, done21:26
yosefrowssh-copy-id user@host-ip21:26
yosefrowto add ur key to new bootstrap node21:26
yosefrowthen ssh user@host-ip21:26
yosefrow@arosales,21:28
yosefrowwhich user are you using to login to the remote node?21:28
arosalesroot is the only user on the target controller node21:29
yosefrowyou added the key for root user?21:29
arosalesno I just added my ssh key when making the instance21:30
arosalesthat got added to the authorized_keys on the root account on the target machine21:30
arosalesso I can ssh root@<ip>21:30
yosefrowi have an idea21:31
kwmonroe;21:31
yosefrow@arosales,from root@remote-host$ adduser ubuntu; adduser ubuntu sudo; passwd ubuntu (set some passwd),. Then from juju client create a new cloud, add a new cloud, this time use ubuntu@159.65.74.150 instead of just the ip, ok then finally try to bootstrap to the second cloud21:33
yosefrowwhen it bootstraps it will login, then ask for a passwd21:34
yosefrowenter the passwd you created in the previous step21:34
yosefrowill brb to see how it goes21:34
arosalesI did that exact thing with https://paste.ubuntu.com/26531789/21:34
arosalesI then tried ubuntu@<ip> and that also failed per thumpers suggestion21:35
arosalesubuntu disables login via username/password by default. It seems juju ends up looking for a Ubuntu user locally to sudo to and fails21:36
yosefrow@arosales, show me the output from trying to login to the second cloud i said you should make, where the host is not just the ip but ubuntu@ip21:47
yosefrowEnter the controller's hostname or IP address: ubuntu@159.65.74.15021:48
yosefrowinstead of Enter the controller's hostname or IP address: 159.65.74.15021:48
yosefrow@arosales, last time your output was https://paste.ubuntu.com/26531916/. this time you should get the same output, except now, you should enter the password for ubuntu that you created in the previous step21:50
yosefrowit appears that juju is logging in successfully via ssh and then attempting to run a command on the remote host with sudo21:50
arosalesyosefrow: https://paste.ubuntu.com/26531916/21:51
yosefrowgreat21:51
yosefrowenter the password you created21:51
yosefrowon the remote host21:51
kwmonroearosales: when you're done messing around, use root@<do-ip> as your cloud.  https://paste.ubuntu.com/26532245/21:52
arosalesthanks kwmonroe that worked21:54
arosalesyosefrow: complained about Ubuntu not being in sudo file, but I think I could have added it and it may have worked21:54
arosalesroot worked with out having to mess with Ubuntu21:55
kwmonroei'm sure adding the ubuntu user first and doing key mgmnt will probably get ya there, but since DO gives you root and jams your key in there, i say use it!  with metldown and spectre, logging in as root across the internet is the least of your worries ;)  now where's my $5 arosales?21:55
arosaleskwmonroe: put it on my tab21:56
kwmonroeha!21:56
yosefrow@arosales, ubuntu complained because you probably skipped `adduser ubuntu command"21:56
yosefrow@kwmonroe, has a good workaround, but personally i prefer not directly ssh as root21:57
kwmonroeyeah yosefrow, i didn't mean to interrupt there, but you guys were messing up my backscroll.21:57
magicaltrouti'll mess up your backscroll21:57
yosefrowlol21:58
kwmonroegah!21:58
yosefrowkwmonroe, i thought the point of this chat was to demonstrate how to solve juju related issues and other juju related chat21:58
arosalesyosefrow: thanks or sticking with it for me21:58
yosefrowshould i have answered him in private messages?21:58
arosalesyosefrow: kwmonroe  can tell you I am a tough customer21:58
arosalesnext charmer summit I'll buy beers21:58
yosefrow@arosales, I still think you should do it the way I suggested if you want to follow best practices21:58
arosaleswere you guys at config mgmt camp?21:58
yosefrowbut if you want a quick solution then kwmonroe is 100% correct21:59
yosefrow@arosales, wasnt there21:59
kwmonroeyosefrow: i was totally messing around -- and no, you don't want to get arosales in a PM.  what you guys were walking through was all good.21:59
yosefrowkwmonroe, ah ok xD21:59
yosefrow@kwmonroe, i might write a blog post about this chat soon22:00
yosefrowwe'll see22:00
arosalesyosefrow: I can see the light at that tunnel, the odd thing was that I had created the ubuntu user and added "ubuntu" to the sudoers via `usermod -aG sudo ubuntu`22:00
arosalesbut not dice22:00
kwmonroeyosefrow: +1, and if you do, arosales will send you $522:00
arosalesbut most likely fat fingered it.22:00
arosaleskwmonroe: lol22:00
arosalesin IOUB22:01
yosefrow@arosales, thats quite strange22:01
yosefrow@arosales, ok well in that case nevermind. the cake goes to @kwmonroe22:02
yosefrowi was certain that should work22:02
yosefrow@kwmonroe, save me a slice of cake22:02
kwmonroeso it looks like the manual provisioner really wants to add the ubuntu user:  https://github.com/juju/juju/blob/develop/provider/manual/provider.go#L3022:04
kwmonroethat calls out to https://github.com/juju/juju/blob/develop/environs/manual/sshprovisioner/sshprovisioner.go#L31, which lists the preconditions which will skip that init22:04
kwmonroeyosefrow: arosales, so i think the key takeaway might be that arosales' ubuntu user needed to have passwordless sudo access.22:05
kwmonroeanyway, root4life22:05
yosefrow@kwmonroe, rootkits4life :P22:05
kwmonroelol22:05
arosalesman kwmonroe reading Go code now ;-)22:05
kwmonroenah, i just have thumper in a side channel telling me what to type22:06
arosalesyou must have stopped drinking early PM brews22:06
kwmonroethem's fightin words22:06
arosalesrofl22:06
yosefrow@arosales, if you want to do with ubuntu user take kwmonroe suggestion and `visudo`. then https://serverfault.com/questions/160581/how-to-setup-passwordless-sudo-on-linux22:06
yosefrowi suspected as much as well22:06
yosefrowi honestly forgot how i got it to work last time, but probably like that22:07
yosefrow@kwmonroe, did thumper get pissed off with me banging my head against the wall trying to help @arosales ?22:07
arosalesthat makes sense since I could sudo apt get with the ubuntu user, but failed when Juju tried22:08
yosefrow@kwmonroe, arosales anyway that was interesting. Glad we found a solution. laters22:09
kwmonroeyosefrow: no, thumper doesn't get pissed.  he writes go.  good time today, have a good one!22:11
arosalesthanks yosefrow, kwmonroe, magicaltrout, and thumper for the help22:13
* thumper was on calls, soryr22:17
yosefrowwb thumper22:18
cory_fustub: Hey, could you update juju-wait on pypi to match the snap, please, when you get a chance?22:19

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!