/srv/irclogs.ubuntu.com/2020/01/13/#juju.txt

thumper	https://github.com/juju/juju/pull/11095 for someone	01:35
thumper	and another, https://github.com/juju/juju/pull/11096	03:15
tlm	taking a look	03:20
thumper	tlm: happy to answer any questions here if it helps	03:23
tlm	thumper, first PR lgtm, second one looks good as far as code but don't have enough context around it for logic. Happy to approve first one if you want?	03:42
manadart	Forward merge - only 2 patches: https://github.com/juju/juju/pull/11098	10:34
flxfoo	Hi all	10:35
flxfoo	Quick question...	10:36
flxfoo	about permissions	10:36
flxfoo	through python-juju (script) If I connect with user credential and cert pem, is there restriction for that user to run even a simple "run('uname -a')" on a remote machine?	10:37
manadart	flxfoo: Only admin users can execute "juju run...".	10:47
flxfoo	manadart: ok thanks...	10:57
flxfoo	manadart: If I have an admin user, that should be fine right? (I want to have a script to do backup cron based or so)	10:58
manadart	flxfoo: Yes, I believe so.	10:59
flxfoo	manadart: many thanks	11:02
=== narindergupta is now known as narinderguptamac
nammn_de	achilleasa: in for a quick rev? https://github.com/juju/charm/pull/302	14:15
achilleasa	nammn_de: sure	14:32
nammn_de	achilleasa: good point! What do you think about fallback to "path" in case that happens?	14:40
achilleasa	nammn_de: why do we need abs path in the first place?	14:41
nammn_de	achilleasa: Last time I introduced the "path" as this helps debugging in case something bad happens. We had some cases where fde or customers were confused that charm had not version output. Showing the path should help	14:43
nammn_de	at least was discussing that with rick_h as far as i can remember :D	14:43
nammn_de	but now debugging it myself I realized that some paths can be relative.	14:44
nammn_de	and I do think using absolute ones would help in those cases at least imo	14:44
achilleasa	nammn_de: I believe that you should return the error if you cannot figure out an abs path. It probably means that the thing you passed into filepath.Abs is garbage	14:57
nammn_de	achilleasa: hmm makes sense as well, was too conserative	14:58
achilleasa	nammn_de: approved	15:14
achilleasa	are you targeting 2.7 for these changes?	15:14
nammn_de	achilleasa: doesnt need to be, but I planned to do so	15:14
nammn_de	anything I need to look out for?	15:14
hml	achilleasa: quick review pls? https://github.com/CanonicalLtd/juju-qa-jenkins/pull/364. :-)	15:24
hml	achilleasa: i’m tempted to move the restore-backup tests as well, though they need improvements.	15:30
achilleasa	hml: looking	15:30
nammn_de	achilleasa want to look at the corresponding 2.7 merge? https://github.com/juju/juju/pull/11104	17:05
nammn_de	*pr not merge	17:06
achilleasa	n	17:08
achilleasa	nammn_de: looking	17:08
=== _thumper_ is now known as thumper
lucidone	Hi, is it possible to offer an application (e.g mysql) as a CMR in a way that it can be consumed by a model on a separate network?	22:58
lucidone	Mainly wondering if it can be done through the machines public IP address instead of using a VPN	23:00
babbageclunk	lucidone: I think so - wallyworld will know for sure?	23:04
babbageclunk	thumper: forwarder metrics: https://github.com/juju/juju/pull/11109	23:20
wallyworld	lucidone: so long as the traffic is routable between machines... any consuming app has to be able to reach the offer, and the consuming controller needs to be able to reach the offering controller	23:20
lucidone	Right, in this case the traffic isn't routable as mysql offers itself using the private IP of the LXC container afaik. Should it be possible to expose mysql and then offer it using that exposed interface?	23:24
wallyworld	you don't expose an interface - juju expose opens any ports specified by the charm to 0.0.0.0	23:26
wallyworld	what we need here is a way to put into relation data the offered apps "public" ip address	23:27
wallyworld	and i don't think that's possible currently since that public ip addtess is obtained from the host machine's address	23:28
wallyworld	one way would be to use a charm which has charm config to allow the user to override the advertised ip	23:29
wallyworld	so instead of the charm using the ingress address info from the network-get hook command, it would use whatever the user has configured it to use	23:31
tlm	could also setup the lxd network to use real routable addresses. That way what it reports is not a NAT address?	23:31
lucidone	I saw this in the mysql charm too. So looks like it explicitly builds the connection string from the private address https://github.com/juju-solutions/charm-mysql/blob/master/hooks/db-relation-joined#L51	23:33
wallyworld	ueah, and unit-get private-addres is way deprecated	23:34
wallyworld	the mysql charm is a bi orphaned	23:34
wallyworld	i think percona-cluster charm is more up to date	23:34
lucidone	Ah right, ideally we sort out the postgres charm anyway - so the charm specific stuff isn't a huge issue. Was just thinking there would be some juju magic that would make things work, but guess the solution here is to patch networks together with VPNs?	23:36
wallyworld	juju can't guess network rouability etc, so needs to be suitable configured, and that falls on the charm. so yeah, whatever works	23:37
wallyworld	postgresql charm is being sorted, but not sure of the time frame. soon i hope	23:38
lucidone	Sweet, cheers for that. Also side question about juju expose <app> .. Is it possible / are there plans to support opening up to specific IP/ranges instead of 0.0.0.0/0 ?	23:41
wallyworld	yes :-)	23:41
wallyworld	this cycle i think	23:41
wallyworld	cmr already suports that	23:42
lucidone	Sweet :D	23:42
wallyworld	but general charms not yet	23:42
wallyworld	juju set-firewall-rule is used to set a CIDR list for cmr offer firewall rules	23:43

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!