[08:42] <sou> Hey good people, I am trying to enable TLS for openstack endpoints. For this purpose I am using vault as the CA, and trying to use https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-certificate-management.html . But signing the CSR step is confusing. It does not say how to generate .pem file. Do we have any other
[08:42] <sou> document which I can use to setup TLS for keystone using vault as the CA!
[08:42] <sou> Appreciate any tips/steps/documents.
[08:42] <sou> Thanks!
[08:43] <wallyworld> sou: you will most likely have more luck asking in #openstack
[08:49] <sou> Thanks wallyworld. As the document mentions charms, I added my concern here. Let me check in #openstack!
[08:52] <wallyworld> sou: yes, fair call. the folks who write the openstack charms tend not to hang out here so much. if you dn't get any luck in @openstack, there's a discourse forum you can try (i'd need to look up the address)
[08:54] <sou> Sure. Many thanks!
[09:47] <stickupkid> manadart, achilleasa SUPER EASY ONE https://github.com/juju/juju/pull/11919
[10:06] <soutr> .
[10:13] <stickupkid> manadart, achilleasa another one
[10:13] <stickupkid>  https://github.com/juju/juju/pull/11920
[10:22] <achilleasa> stickupkid: aren't we installing mongo via snap?
[10:23] <stickupkid> achilleasa, you wish
[10:23] <stickupkid> achilleasa, this is for testing
[10:23] <achilleasa> why not? shouldn't we install the version actually installed when bootstrapping?
[10:23] <stickupkid> achilleasa, but that's dependant on version
[10:24] <stickupkid> achilleasa, also I'm unsure how snaps will behave on github actions, i.e. in a container/chroot thing
[10:25] <stickupkid> achilleasa, I'm not sure I want to go down that rabbit hole
[10:25] <stickupkid> achilleasa, keep in mind we should always work with the lowest common mongo, as we never upgrade our mongos
[10:25] <stickupkid> achilleasa, (unless you do upgrade series maybe?)
[10:26] <achilleasa> since we maintain our own juju-db, can't we tar.gz it and curl | tar it?
[10:26] <stickupkid> life
[10:26] <stickupkid> achilleasa, but we don't really
[10:26] <achilleasa> but this is just the client tests right?
[10:26] <stickupkid> yeah
[10:26] <achilleasa> ok, cool then
[10:26] <stickupkid> we use the packaged one with the os
[10:27] <stickupkid> i.e. the apt one and make install-dependencies gets that latest one for us
[10:27] <stickupkid> we just have to blast away what ever is there
[10:27] <achilleasa> but latest is not really latest now is it?
[10:28] <stickupkid> because github "decided" that it will install a FUCK TON of crap software when what I really want is ubuntu
[10:28] <achilleasa> I mean due to the licensing issues
[10:28] <stickupkid> HA
[10:28] <stickupkid> yeah, yeah
[10:28] <stickupkid> you get all this bullshit when you request ubuntu https://github.com/actions/virtual-environments/tree/main/images/linux/scripts/installers
[10:29] <stickupkid> I already brought this up with the powers that be, that if I requested ubuntu, I should just get ubuntu, not that fucking shit show
[10:29] <stickupkid> why the fuck do I want php
[10:29] <stickupkid> and node
[10:30] <stickupkid> they don't even have maas, juju, etc and they're canoncial products jeez
[10:37] <SpecialK|Canon> As a GitHub Actions user I'm more likely to want PHP in my environment than I am MAAS
[10:38] <SpecialK|Canon> but some of the versions can sure be surprising
[10:38] <stickupkid> but you should ask for it, not be given it
[10:41] <stickupkid> SpecialK|Canon, I'd rather have this https://paste.ubuntu.com/p/f55QkrbsWH/
[10:43] <SpecialK|Canon> stickupkid: I know which one I'd rather implement the caching for ;)
[10:43] <stickupkid> I know why they do it though, so they can cache the hell out of the image
[10:43] <SpecialK|Canon> (But I see your point as a user)
[10:44] <stickupkid> SpecialK|Canon, yeah, but ubuntu is a brand, it's expected to perform exactly the same for every installation, this changes that. I'm now not getting "ubuntu", I'm getting ubuntu with stuff that I have to horse around with to get me to a more stock ubuntu
[10:45] <stickupkid> that's my main issue... caching is a github issue, not a user one
[11:20] <manadart> stickupkid achilleasa: This is patch I have been discussing at standup: https://github.com/juju/juju/pull/11921
[11:20] <stickupkid> manadart, will look
[11:30] <stickupkid> manadart, ho? got questions
[11:32] <manadart> stickupkid: Yep, gimme a couple.
[14:07] <stickupkid> manadart, Q&A went well, although slow
[14:07] <stickupkid> manadart, another question though
[14:07] <manadart> stickupkid: Yup?
[14:08] <stickupkid> in the database I'm looking at and the PR description, there is now a "type", is this an migration step, or do we not care?
[14:08] <stickupkid> ah no wait, I'm blind
[14:09] <stickupkid> manadart, tick
[14:10] <manadart> stickupkid: Ta.
[15:42] <achilleasa> stickupkid: or hml quick CR for a help text change? https://github.com/juju/juju/pull/11922
[15:42] <hml> achilleasa:  looking
[15:48] <hml> achilleasa:  one suggestion for the change.
[16:10] <achilleasa> hml: It was easier to just rewrite the help text. Can you take another look?
[16:11] <hml> achilleasa:  sure
[16:12] <hml> stickupkid: review please: https://github.com/juju/juju/pull/11923. it’s not really 1k lines, there are mock files and json schema changes.
[16:12] <stickupkid> hml, k
[16:13] <hml> stickupkid: I’ll do the TODO once i get the whole thing wired up
[16:13] <hml> in the next pr
[16:14] <hml> achilleasa:  I like the new write up,  any concerns that this does not follow the other help msgs with a specific examples section?
[16:16] <stickupkid> hml, do we need Resolve for charm hub?
[16:16] <hml> stickupkid: we will, need to figure out where to put it and what it should contain.  that’s my next step
[16:17] <hml> i’m thinking just the charmhub package
[16:18] <stickupkid> hml, done
[16:20] <hml> stickupkid: ho?
[16:20] <stickupkid> sure
[16:22] <achilleasa> hml: no idea :D
[16:23] <achilleasa> petevg: ^^^ thoughts on https://github.com/juju/juju/pull/11922 re: Heather's comment?
[16:24] <achilleasa> hml: actually I should change the redis example and use apache2 everywhere
[16:34] <stickupkid> esp. because redis isn't even updated