-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2013-12-17 10:20, John Arbash Meinel wrote: > ... >> This hints to me that Juju run is improperly design. We already >> have a way to inform all machines that we have work for them to >> do. Which *doesn't* require us to ssh into them (the hook >> triggers). > >> Just create a "run" hook that fires a custom script when there is >> data to be run. Why would be SSH into those machines directly? > > >>> I believe the rationale was so that juju-run can target >>> machines as well as units. To target a machine without any >>> units deployed would mean hooks are out of the question. > > > Then just run a hook context runner in the Machine agent. Still > *much* better than actually needing to SSH into every machine and > violating the model of every-other-way we run stuff on machines in > the environment. > > John =:->
I'm sorry if I'm coming off as overly negative. I don't mean to sound that way. I was surprised that 'juju-run' needed to be an always-on service that didn't act like all of our other always-on services that respond to DB changes. It violates the concept that we could have a user request things be run on the systems, without having direct SSH access. (SSH access implies that you can run whatever you want without auditing, while juju-run would certainly create an audit log, and could be RBACed to run specific commands, etc.) John =:-> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKv8EIACgkQJdeBCYSNAAP3ugCghJlUaYtAhFdqrhKQG9dZqYsp 4yEAoMKh7IN3LH3nZNAtHHnUJ+Y1sJke =ZFj9 -----END PGP SIGNATURE----- -- Juju-dev mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
