/srv/irclogs.ubuntu.com/2020/01/13/#juju.txt

thumperhttps://github.com/juju/juju/pull/11095 for someone01:35
thumperand another, https://github.com/juju/juju/pull/1109603:15
tlmtaking a look03:20
thumpertlm: happy to answer any questions here if it helps03:23
tlmthumper, first PR lgtm, second one looks good as far as code but don't have enough context around it for logic. Happy to approve first one if you want?03:42
manadartForward merge - only 2 patches: https://github.com/juju/juju/pull/1109810:34
flxfooHi all10:35
flxfooQuick question...10:36
flxfooabout permissions10:36
flxfoothrough python-juju (script) If I connect with user credential and cert pem, is there restriction for that user to run even a simple "run('uname -a')" on a remote machine?10:37
manadartflxfoo: Only admin users can execute "juju run...".10:47
flxfoomanadart: ok thanks...10:57
flxfoomanadart: If I have an admin user, that should be fine right? (I want to have a script to do backup cron based or so)10:58
manadartflxfoo: Yes, I believe so.10:59
flxfoomanadart: many thanks11:02
=== narindergupta is now known as narinderguptamac
nammn_deachilleasa: in for a quick rev? https://github.com/juju/charm/pull/30214:15
achilleasanammn_de: sure14:32
nammn_deachilleasa: good point! What do you think about fallback to "path" in case that happens?14:40
achilleasanammn_de: why do we need abs path in the first place?14:41
nammn_deachilleasa: Last time I introduced the "path" as  this helps debugging in case something bad happens. We had some cases where fde or customers were confused that charm had not version output. Showing the path should help14:43
nammn_deat least was discussing that with rick_h as far as i can remember :D14:43
nammn_debut now debugging it myself I realized that some paths can be relative.14:44
nammn_deand I do think using absolute ones would help in those cases at least imo14:44
achilleasanammn_de: I believe that you should return the error if you cannot figure out an abs path. It probably means that the thing you passed into filepath.Abs is garbage14:57
nammn_deachilleasa: hmm makes sense as well, was too conserative14:58
achilleasanammn_de: approved15:14
achilleasaare you targeting 2.7 for these changes?15:14
nammn_deachilleasa: doesnt need to be, but I planned to do so15:14
nammn_deanything I need to look out for?15:14
hmlachilleasa:  quick review pls?  https://github.com/CanonicalLtd/juju-qa-jenkins/pull/364. :-)15:24
hmlachilleasa: i’m tempted to move the restore-backup tests as well, though they need improvements.15:30
achilleasahml: looking15:30
nammn_deachilleasa want to look at the corresponding 2.7 merge? https://github.com/juju/juju/pull/1110417:05
nammn_de*pr not merge17:06
achilleasan17:08
achilleasanammn_de: looking17:08
=== _thumper_ is now known as thumper
lucidoneHi, is it possible to offer an application (e.g mysql) as a CMR in a way that it can be consumed by a model on a separate network?22:58
lucidoneMainly wondering if it can be done through the machines public IP address instead of using a VPN23:00
babbageclunklucidone: I *think* so - wallyworld will know for sure?23:04
babbageclunkthumper: forwarder metrics: https://github.com/juju/juju/pull/1110923:20
wallyworldlucidone: so long as the traffic is routable between machines... any consuming app has to be able to reach the offer, and the consuming controller needs to be able to reach the offering controller23:20
lucidoneRight, in this case the traffic isn't routable as mysql offers itself using the private IP of the LXC container afaik. Should it be possible to expose mysql and then offer it using that exposed interface?23:24
wallyworldyou don't expose an interface - juju expose opens any ports specified by the charm to 0.0.0.023:26
wallyworldwhat we need here is a way to put into relation data the offered apps "public" ip address23:27
wallyworldand i don't think that's possible currently since that public ip addtess is obtained from the host machine's address23:28
wallyworldone way would be to use a charm which has charm config to allow the user to override the advertised ip23:29
wallyworldso instead of the charm using the ingress address info from the network-get hook command, it would use whatever the user has configured it to use23:31
tlmcould also setup the lxd network to use real routable addresses. That way what it reports is not a NAT address?23:31
lucidoneI saw this in the mysql charm too. So looks like it explicitly builds the connection string from the private address  https://github.com/juju-solutions/charm-mysql/blob/master/hooks/db-relation-joined#L5123:33
wallyworldueah, and unit-get private-addres is way deprecated23:34
wallyworldthe mysql charm is a bi orphaned23:34
wallyworldi think percona-cluster charm is more up to date23:34
lucidoneAh right, ideally we sort out the postgres charm anyway - so the charm specific stuff isn't a huge issue. Was just thinking there would be some juju magic that would make things work, but guess the solution here is to patch networks together with VPNs?23:36
wallyworldjuju can't guess network rouability etc, so needs to be suitable configured, and that falls on the charm. so yeah, whatever works23:37
wallyworldpostgresql charm is being sorted, but not sure of the time frame. soon i hope23:38
lucidoneSweet, cheers for that. Also side question about juju expose <app> .. Is it possible / are there plans to support opening up to specific IP/ranges instead of 0.0.0.0/0 ?23:41
wallyworldyes :-)23:41
wallyworldthis cycle i think23:41
wallyworldcmr already suports that23:42
lucidoneSweet :D23:42
wallyworldbut general charms not yet23:42
wallyworldjuju set-firewall-rule is used to set a CIDR list for cmr offer firewall rules23:43

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!