-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14-05-27 02:55 AM, John Meinel wrote: > I just proposed this branch: > http://code.launchpad.net/~jameinel/juju-core/login-returns-env-tag/+merge/221021 > > This will make it so that we end up caching the environment UUID > into our ENV.jenv file, and passing it up when we try to connect, > and having it validated to match the running environment. > > I believe CI uses some infrastructure to avoid having Juju > automatically generate a bunch of the fields in .jenv files (CACert > and control-bucket come to mind). Environment UUID is going to be > one of those things that gets generated during bootstrap (it always > has been uniquely generated, we just never actually tracked it > before).
Thanks for the heads-up. I don't think this will be a problem for us. Basically, we're taking the cloud-city environments.yaml and writing a temporary copy, with a few values (agent-version, bootstrap-host) updated at runtime. When .jenvs were introduced, we started copying everything from the .jenv into the environments.yaml, but now we just pass .jenvs around. We try to keep our environments.yaml minimal now, so we no longer have ca-cert, and we keep admin-secret + control-bucket only for Canonistack, where their removal may have broken our accounts. > Some of this is moving us toward multi-environment state servers, > where we can tell what environment you want access to from your > Login request. And some of this is a general desire that we've had > that when you run a command you know that you're actually > connecting to the environment you thought you were. And the > official descriptor for an environment is its internal UUID. +1 > However, this would mean that if you bootstrap, and have a .jenv > file, then someone out-of-band destroys that environment and > bootstraps it again, you'll now refuse to operate with this new > environment that no longer matches the old one. That is already true (due to certs and other values), and we would be upset with anyone who re-bootstrapped without sharing the resulting .jenv. Aaron -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJThJL2AAoJEK84cMOcf+9h+eMH/3EEEq/hbO4Sgzdk30tV7l9+ OmzDFFc7J/PHuA296Z9qwRmGOTTLirk94V0gA0gVVy8SbLs680y94pv1HtK9S5Oq OqJt9D6ruJVhLlDLnOUplHtr4e90X5rWQXeENntsUEYTiOnUZTfOuPOrz0vupBUd sI9wXILoHVdqeU7P3wFdT+7sNoxELwpAkjU2gm/V3Oy68/QePl+D2y2xC+xfhOWc gYXDtV2V0447Vy4A7mtFu5WWipJ316F+nwmQ9z9D41TMOPwq2im9ZVzVmgtiVF6N 18VgicrkPdJRnt4yOMX0uy9P0I4UBBW/0KQbM5RDClwxdINm1HXM2SrFm5kLwRk= =wJTk -----END PGP SIGNATURE----- -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
