Created
January 3, 2013 07:42
-
-
Save trentster/4441603 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Licenser | |
is now really off to bed | |
11:07 | |
trentster | |
I think what joyent does is they ony give access to vnc console if you have access to the GZ which kind of emans you own the node | |
11:08 | |
killfill | |
trentster: they have that on the joyent public cloud? | |
11:08 | |
trentster | |
Licenser: its still early mate its barely 1am there? | |
11:08 | |
killfill | |
or you mean when you use sdc | |
11:09 | |
trentster | |
killfill: I am not sure about the Joyent vnc stuff, I vaguely remember reading it soemwhere, but could be wrong, have you deployed a kvm vm on joyent cloud? do you get vnc console access? | |
11:09 | |
killfill | |
i feel im from the past.. im GMT-4 | |
11:09 | |
killfill | |
trentster: nope, there is no vnc | |
11:09 | |
trentster | |
its Thu 11am here, I am from the future | |
11:10 | |
arekinath | |
damnit, you're more future than me at the moment, stupid daylight savings | |
11:10 | |
killfill | |
trentster: on jdc, supostly there is vnc in the operator portal.. but it never worked for me.. | |
11:10 | |
arekinath | |
my 2c, I think vnc through websockets is fine, but direct exposure, nah | |
11:10 | |
killfill | |
heh.. | |
11:11 | |
trentster | |
arekinath: long time no see mate, how do you figure websockets is safe vs direct exposure. Please explain to my layman brain. | |
11:11 | |
killfill | |
well actually.. i only has to use vnc ones.. when my vm's didnt booted.. and then i actually ended foring restarting them all by hand.. | |
11:12 | |
arekinath | |
trentster: the vnc itself runs from inside the zone, so if you exploit it you just get control over the kvm zone and not the gz | |
trentster: but having the gz on a network that people can get to, with ssh and whatever else open (except for firewall rules of course) | |
11:12 | |
arekinath | |
seems a bit more shady to me | |
11:13 | |
killfill | |
yah | |
like to have the users to connect to the fifo-zone for vnc acces... not the G, where the access really is | |
11:14 | |
trentster | |
Whats your guys opinions on console access for smart machines via the webUI? | |
I was chatting to Licenser about it and we are in 2 minds about weather is even necessary? | |
11:14 | |
arekinath | |
I think it would be nice, but only if it can be delivered safely | |
I've had plenty of times here where people have blown up their zones by using up their ram cap and SSH can't fork to let them log in | |
but console login works | |
and silly people who forget passwords, so we have to zlogin and change them | |
11:15 | |
trentster | |
arekinath: so in those instances they log support tickets and soemone manually has to fix the problem for them, which can be a bit of a pita | |
11:16 | |
arekinath | |
trentster: yeah. it's nice if they can do it themselves next time though. they usually file a ticket the first time, but if we leave them instructions to fix it themselves next time, we like things like that. | |
11:16 | |
killfill | |
arekinath: thats a nice one.. | |
11:16 | |
arekinath | |
they never read documentation in advance | |
but if you have some you can throw at them that works when they have a problem | |
it's nice | |
11:16 | |
trentster | |
arekinath: out of interest what do you think of the latest 0.3 dev? | |
11:17 | |
arekinath | |
trentster: it's ok. still seems a little buggy sometimes with the non-updating datasets list where you have to go around restarting chunters. and I haven't figured out how to use the user permissions in a way that doesn't seem stupid yet | |
11:18 | |
arekinath | |
I still would like that "resolvers" box to be auto-filled or disappearable (eg if it's set on the network) | |
11:18 | |
trentster | |
arekinath: killfill the only thing that would really work with end users is have them all wear an electric shock collar. and when they log a support ticket it automaticaly delivers a jolt of electricity. I would guess the forgetting password problem would dissapear very quickly | |
I have tried to get the shock collars implemented at some of our sites, but have been told that users may be anti the idea. | |
11:19 | |
arekinath | |
trentster: the academics here are pretty good at removing shock collars, unfortunately. they really apply their brains well when it comes to avoiding physical pain. but computers are hard, and they just don't want to try very hard | |
11:19 | |
trentster | |
arekinath: lol! | |
11:20 | |
killfill | |
jaja... | |
11:20 | |
arekinath | |
also, for anyone who wants SSL on 0.3-dev and doesn't want to fight with haproxy's ssl shiz | |
try stud | |
it's in pkgin | |
put haproxy on localhost:8088 or something and point stud through to it. then you can put nginx on port 80 and have it just serve 301s to https:// | |
shame nginx doesn't cope with websockets yet | |
apparently the next release will | |
11:21 | |
killfill | |
yah.. i found haproxy strange there as well.. | |
11:21 | |
trentster | |
stud, cool Licenser will be glad to hear that, we have spent a lot of time battling ssl, I still have it kinda working on my one dev instance, but its broken on others, so we basically removed it from dev for now until a workaround can be made. | |
11:21 | |
killfill | |
yup, i remember seen a changelog of it supporting it.. | |
but may be on a unstable release.. | |
11:22 | |
trentster | |
arekinath: do you have a working config file for "stud" that you have managed to getw orking with fifo? | |
arekinath: whats your opinion on moving Ui to angular/js | |
11:22 | |
arekinath | |
trentster: I just edited the default config | |
trentster: told it frontend="[*]:443" and backend="[127.0.0.1]:8088", and the path to the certificate | |
trentster: it figures out the rest. even does SNI if you want | |
11:23 | |
killfill | |
Websockets (end of Jan, 2013, md) | |
11:23 | |
arekinath | |
trentster: doesn't bother me. might make changes easier to make. | |
trentster: (re angular.js) | |
11:24 | |
arekinath | |
hey, erlang hipe has ARM support now. when did that happen? | |
11:24 | |
killfill | |
what i actually find too complicated are the forms.. users need to enter too much info... and they are ugly.. | |
11:25 | |
trentster | |
SNI looks cool just googled it | |
killfill: yeah you are right, the forms could do with some serious elegance | |
would be great if we could get MerlinDMC dataset.at form code integrated.. hint hint MerlinDMC | |
11:27 | |
arekinath | |
they're not terrible, but not quite yet amazing either. that resolvers box annoys me, because none of our users are going to have a clue what it is or what it does | |
or will think they do and put something weird in there | |
11:27 | |
trentster | |
yeah I was thinking about the resolvers box as well, it probably should be defined in packages section | |
11:27 | |
arekinath | |
I would have said with the network | |
haha | |
this is probably why it ended up there, couldn't decide | |
oh, it would be nice to have edit capabilities, too | |
to update VMs/networks etc | |
rather than destroy -> recreate | |
11:28 | |
trentster | |
arekinath: yeah network makes sense as well. | |
11:29 | |
killfill | |
definitly.. redimension zones in hot, is a killer feature | |
11:29 | |
trentster | |
yeah, I think now that we have a solid base with the 0.3 architecture rewrite the sky is the limit in regards to Ui functionality and features. | |
I think one major step is missing before all these features are added, imho, we need to have the UI flow basics setup. from the perspective of we should not be doing everything via action buttons in list boxes, but should have uuids , aliases, and network tags etc hyperlinked that open up new sections in the UI for that specific vm to make changes see attributes in more details etc. | |
my 2c | |
11:32 | |
killfill | |
would be too to associate the users to the owner_uuid or billing_id property of the vm's | |
would be cool i mean.. ah damn keyboard.. | |
11:33 | |
trentster | |
and there should be 2 templates that gets triggered when you click on either a kvm vm vs a smartmachine, as the attribues are different, e.g you can increase disk quota and ram on the fly in smartmachines. | |
11:34 | |
killfill | |
yup | |
11:34 | |
trentster | |
killfill: yeah exactly , ou would click on a uuid it would launch the vm attribute template in the UI, and one of the things listed in there would be Owner, you could then click on owner name (also hyperlinked) and then would take you to a list screen filtered by that owner so you can see what other vm's he owns, same with groups etc. | |
same thing could be done from datasets, click on a dataset and a template comes up telling you about datasets and in there could be a vm link button you could click on that would filter the vm's based on that dataset | |
11:37 | |
killfill | |
yah... not sure how would that look like, but sounds grate! | |
11:37 | |
trentster | |
etc etc the possibilites are endless, the real magic needs to happen at the "planning level" to cleverly figure out how to make all these components interact, then put that into place and build all the UI magic on top of that | |
its kind of outlined already in the flow diagram I did. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment