-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17/12/13 19:33, John Arbash Meinel wrote: > On 2013-12-17 10:20, John Arbash Meinel wrote: >> ... >>> This hints to me that Juju run is improperly design. We already >>> have a way to inform all machines that we have work for them >>> to do. Which *doesn't* require us to ssh into them (the hook >>> triggers). > >>> Just create a "run" hook that fires a custom script when there >>> is data to be run. Why would be SSH into those machines >>> directly? > > >>>> I believe the rationale was so that juju-run can target >>>> machines as well as units. To target a machine without any >>>> units deployed would mean hooks are out of the question. > > >> Then just run a hook context runner in the Machine agent. Still >> *much* better than actually needing to SSH into every machine >> and violating the model of every-other-way we run stuff on >> machines in the environment. > >> John =:-> > > I'm sorry if I'm coming off as overly negative. I don't mean to > sound that way. I was surprised that 'juju-run' needed to be an > always-on service that didn't act like all of our other always-on > services that respond to DB changes. It violates the concept that > we could have a user request things be run on the systems, without > having direct SSH access. (SSH access implies that you can run > whatever you want without auditing, while juju-run would certainly > create an audit log, and could be RBACed to run specific commands, > etc.)
A key difference between "juju run" and the rest of the system is that there is no "state" to refer to. "juju run" isn't about having a system world view and having the agents make that happen. "juju run" is really syntactic sugar around "juju ssh" and the server component "juju-run" that does the execution inside a hook context. I understand that this is different, but a key thing was also to provide this facility to the UI, which is why it isn't just done purely client side. Tim -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKxKZoACgkQd1fvI4G7WRDICACfYfPejJ2Tz6X+7edFQOf5dUen IRQAoIcxjJm4p9/hrr2Q5BbQJC4/7ndy =oEKG -----END PGP SIGNATURE----- -- Juju-dev mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
