| myrat | wassup guys | 07:01 |
|---|---|---|
| TheAbsentOne | Hey everyone, I need some help from a pro charmer. I have a charm (A) that uses the pgsql interface to communicate with the postgres charm (P). I know want A to be able to change the postgres pg_hba.conf (I want to add an entry). What is the best way to do this? No postgres library allows me to edit this file it seems :/ Is it possible for a charm to change a file on a remote charm? | 09:43 |
| TheAbsentOne | I should probably ping stub for that question. Is it possible for another charm (so not the postgresql) to edit the pg_hba.conf? So no manual (ssh) steps are needed? | 11:32 |
| === TAO is now known as Guest13252 | ||
| === Guest85905 is now known as zeus | ||
| === beisner is now known as beisner-sick | ||
| stub | TheAbsentOne: No. If a subordinate charm did make a change, the main PostgreSQL charm would stomp on it. There is the extra_pg_auth charm config option, but charms can't set their own or other's charm config. | 13:29 |
| stub | I think you will need to connect your charms to pgbouncer rather than directly to PostgreSQL. pgbouncer doesn't do IP address checks, so if a charm leaks credentials to another charm, the other charm will also be able to connect via pgbouncer using them. | 13:33 |
| TheAbsentOne | stub: and is there a way (without looking at postgres) for a charm to edit a config file remotely? That would solve it too. I'm not sure how pgbouncer works, I'll look into it later todat | 14:49 |
| gnuoy | cory_fu, I think https://bugs.launchpad.net/juju/+bug/1738614/comments/10 is the issue with libjuju ci | 15:12 |
| mup | Bug #1738614: LXD pool already exists <lxd-provider> <storage> <juju:Incomplete by ecjones> <https://launchpad.net/bugs/1738614> | 15:12 |
| TheAbsentOne | stub: could you also tell me how it actually works. I connect to pgbouncer as if it was postgresql charm through the pgsql interface; I use set_database to request a database and then what? What happens in terms of auhentication? What does the pgbouncer and the postgres charms actually do? | 15:42 |
| stub | TheAbsentOne: A subordinate charm is cohosted, so can edit all local config files. Charms need to cooperate to do this though, or they will stomp on each other. A remote charm cannot edit anything on a unit it is related to - that would be a security hole. The remote charm can only ask on the relation for some operation to occur, which requires a protocol that supports it. | 15:42 |
| stub | TheAbsentOne: The pgbouncer charm is a proxy, and to your clients just looks like PostgreSQL. It talks the same protocol to the clients. | 15:43 |
| stub | TheAbsentOne: The difference is that pgbouncer does not support IP address restrictions. | 15:43 |
| TheAbsentOne | stub: So that means that the postgres user, that is created when the set_database request occurs, can access the database from whatever host then? | 15:45 |
| stub | TheAbsentOne: So if your unit is related to PostgreSQL, only your unit (and subordinates) can use the credentials it hands out. But if your unit is related to pgbouncer, any unit can use the credentials it hands out. | 15:45 |
| stub | yes | 15:45 |
| stub | A security limitation, but a helpful one in your case. | 15:46 |
| TheAbsentOne | Ah I see, I'm gonna test it out, a huge thanks stub! And maybe (it's a very small maybe) I will pull your repo and try to implement the feature request but I doubt I will succeed :P | 15:46 |
| TheAbsentOne | correct it's not the optimal solution, the feature request on the interface would be the perfect scenario! | 15:46 |
| TheAbsentOne | thanks again sir stub! | 15:47 |
| stub | Sure. I've been buried in Cassandra, and won't be back on PostgreSQL for a bit (I've got automatic failover half done, so that is up next) | 15:47 |
| stub | There is now a published Cassandra interface, if it was you who was asking the other week. | 15:48 |
| TheAbsentOne | ohn would you mind sharing your cassandra repo? Or is it not online yet? You created an interface? | 15:48 |
| TheAbsentOne | yeah x) | 15:48 |
| stub | interace:cassandra now works in your layer.yaml, per https://github.com/stub42/interface-cassandra | 15:49 |
| TheAbsentOne | I might try to add cassandra support to my charm then as well, good stuff | 15:49 |
| stub | https://git.launchpad.net/cqlsh-charm/tree/ is a simple charm that uses it | 15:49 |
| stub | (cs:~cassandra-charmers/cqlsh ) | 15:50 |
| TheAbsentOne | awesome I look into it after I fix postgres and mysql! | 15:50 |
| === dannf` is now known as dannf | ||
| cory_fu | jamespage: You around? I've been requested to facilitate a charm-helpers release for the goal_state helper. | 16:17 |
| TheAbsentOne | I want to install this on a charm: https://github.com/PyMySQL/PyMySQL, since it's installable through pip I thought adding a wheelhouse.txt with the name (pymysql) was enough. What am I forgetting? :/ | 17:19 |
| kwmonroe | TheAbsentOne: that should be it. charm build after you update the wheelhouse.txt should stick that in the output ./wheelhouse directory, which gets installed at charm deploy time. | 18:07 |
| TheAbsentOne | kwmonroe: it seems no archive was created in the wheelhouse dir any idea how I can solve this? | 18:37 |
| TheAbsentOne | kwmonroe: nvm I have no explenation but I redid a build and it is fine, I think I didn't put the wheelhouse.txt where it belonged or something | 18:40 |
| TheAbsentOne | thanks man! | 18:40 |
| kwmonroe | np, glad it's there now | 18:42 |
| TheAbsentOne | kwmonroe: what was the best/easiest way to fetch the IP app of the charm where I (another charm) has a relation with? | 19:15 |
| kwmonroe | TheAbsentOne: if you're dealing with a python charm that includes charmhelpers, use the hookenv network_get: https://github.com/juju/charm-helpers/blob/master/charmhelpers/core/hookenv.py#L1157 | 19:25 |
| kwmonroe | TheAbsentOne: here's a sample: https://git.launchpad.net/postgresql-charm/tree/reactive/postgresql/client.py#n350 | 19:27 |
| Guest25856 | hi | 20:10 |
| TheAbsentOne | perfect kwmonroe gonna try now, thanks! | 20:15 |
| TheAbsentOne | stub: I tried pgbouncer but I end up with the same thing. "Unable to connect to PostgreSQL server: FATAL: pg_hba.conf rejects connection for host..." Not sure what I'm missing here | 20:57 |
| TheAbsentOne | also kwmonroe I'm not getting it to work buddy; ip = hookenv.network_get(endpoint) ; ip["ingress-addresses"][0] for the actual ip right? Or am I messing things up? :/ | 21:11 |
| TheAbsentOne | welp it's gonna be for in a couple of hours gonna catch some Zzzz's | 22:05 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!