build: pack/deploy charm on `resolute` by jansdhillon · Pull Request #109 · canonical/landscape-server-operator

jansdhillon · 2026-03-30T23:45:58Z

Note that build CI will fail because the ccc cache doesn't have the resolute build yet

Refresh charmcraft to the latest version (4.1+):

sudo snap refresh charmcraft --channel latest/edge

Pack

charmcraft clean && charmcraft pack --platform ubuntu@26.04:amd64

Deploy

make SKIP_BUILD=true deploy

Run shortly after deploying to ensure the model pulls from ubuntu-daily:

juju model-config image-stream=daily

After the model settles check the services are up:

juju ssh landscape-server/0 -- "sudo lsctl status"

...

landscape-server.target
● ├─landscape-api.service
● ├─landscape-appserver.service
● ├─landscape-async-frontend.service
● ├─landscape-hostagent-consumer.service
● ├─landscape-hostagent-messenger.service
● ├─landscape-job-handler.service
● ├─landscape-msgserver.service
● ├─landscape-package-search.service
● ├─landscape-package-upload.service
● ├─landscape-pingserver.service
● └─landscape-secrets-service.service
Run 'sudo systemctl status <service>' for details

Testing auth

To test OIDC, ask Spencer to invite you to the dev Okta if you haven't already.

Then, get the IP address of landscape-server/0, and set it like so in /etc/hosts:

<IP> landscape-server-jammy.com onward.landscape-server-jammy.com

replacing that with the real IP. Note that we have to use landscape-server-jammy.com because the login redirect URIs for Okta need to be specific URLs.

Also, the charm guards against having OIDC and OpenID set in the charm config for some reason, that's why the bundle uses additional_service_config.

Log in with OIDC at https://landscape-server-jammy.com/.

Truncating the account DB and retrying with OpenID (Ubuntu One)

Truncate the databases by first getting the operator secret:

╭─[jan-framework] as jan.dhillon@canonical.com in ~/landscape-server-operator using Python 3.12.3 on (resolute)✔
╰─(๑˃̵ᴗ˂̵)و (.venv) juju secrets
ID                    Name  Owner               Rotation  Revision  Last updated
dfbrl79o5je14n7253f0  -     landscape-server/0  never            1  9 minutes ago   
tnspi4lcv1sop60e2p10  -     landscape-server/0  never            1  9 minutes ago   
dcqqpgfrn3rb2p85m0n0  -     lb-certs            never            1  17 minutes ago  
pq4kel57mke72cu933ng  -     postgresql          never            1  15 minutes ago  
p7hbo0v15q7vt2a0g8d0  -     postgresql          never            1  9 minutes ago   
bbeuvakkpb4jt7vom2qg  -     postgresql          never            1  9 minutes ago   
do55c2v8b2ctvo9a4tn0  -     postgresql/0        never            1  15 minutes ago

─[jan-framework] as jan.dhillon@canonical.com in ~/landscape-server-operator using Python 3.12.3 on (resolute)✔
╰─(๑˃̵ᴗ˂̵)و (.venv) juju show-secret pq4kel57mke72cu933ng --reveal                    
pq4kel57mke72cu933ng:
  revision: 1
  checksum: 10d6ef0c5131e5569eb813cc1ca0e4c16dd1c84b4d2eaff04bce6db11ee1b1e1
  owner: postgresql
  label: database-peers.postgresql.app
  created: 2026-04-07T16:15:45Z
  updated: 2026-04-07T16:15:45Z
  content:
    internal-ca: |-
      -----BEGIN CERTIFICATE-----
      MIIDojCCAoqgAwIBAgIUQ7UoOuHJ8KZvZLwp1nzrZ+chQ0IwDQYJKoZIhvcNAQEL
      BQAwaTE4MDYGA1UEAwwvcG9zdGdyZXNxbC01ODg2Nzg0MS0xOGVlLTRmYzEtODNh
      NS0wN2Y0NGVmOGUwMzgxLTArBgNVBC0MJDAxODBhMTQ2LWIzOTktNGYzMS04YWU5
      LTBkNGM5ZDY4NWRiYjAeFw0yNjA0MDcxNjE1NDNaFw00NjA0MDIxNjE1NDNaMGkx
      ODA2BgNVBAMML3Bvc3RncmVzcWwtNTg4Njc4NDEtMThlZS00ZmMxLTgzYTUtMDdm
      NDRlZjhlMDM4MS0wKwYDVQQtDCQwMTgwYTE0Ni1iMzk5LTRmMzEtOGFlOS0wZDRj
      OWQ2ODVkYmIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAc4+lWpGX
      ME85kPrmMr7OhQPEc6WRq21cxr/NgYDFwlAB+iepMbCLcXTnT6AlUSsXLQ7pSdJr
      bzXzqBrM90OGqSq2MwQLhLZo4bd7zSeUhI38XSUFMwUxzRE5uFfxmJ6YUhrXyjxT
      NN2TAPvslD+oLFZEbKhSZYM7J6FJVPcnY4K8U+gd8zvnHDwQnWE1lRR+Pys6x9l6
      1eT04DHpzd4ZFotH6MZ6yNORHpK/DPGyS31bM/8fE6EZCmLJcUR9JPtdu6Cdfj5i
      SM3RAg0o5KHICCCQZ36YQgZXpGZm+X2aUpovU3q8e19Wh7dPmyPxP1mhCwMDhZD5
      kq0HWQELxSuPAgMBAAGjQjBAMB0GA1UdDgQWBBRkYsmcHF0lPNxnJqo788RzBWOL
      dTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICpDANBgkqhkiG9w0BAQsF
      AAOCAQEAtrcjLtrLza/Jjzzbd27bFLnJBpywE53rtA0oMFS8TUgHyRVQdV452aZ7
      6gHq+8g+Jj0lc+IahJShYoGCbtSFBfLqkObjmZfoLkZa/ZAHmEvzq3S9j5vUakPi
      XrBFzyX9SU0B6FOgjFFGa/vfst26MPp0IldoIM0oNWfO2lazFcHNmBjmoEv2E6Ea
      lZyU0z/yPRFvQ2ellGjf32uwy5oiY0GdGcXmevtGDO4GTGJ1jrJaO9UlRA0+cpoA
      bQ0Out5PONWTgdxCXujmU/lA3EEAJYkaWazCAECmm5r4RAn6WLNDXd/rYGAQKusE
      qHuO1j4S3NzEuRth//Xrp/pxAHYTMQ==
      -----END CERTIFICATE-----
    internal-ca-key: |-
      -----BEGIN RSA PRIVATE KEY-----
      MIIEpAIBAAKCAQEAwHOPpVqRlzBPOZD65jK+zoUDxHOlkattXMa/zYGAxcJQAfon
      qTGwi3F050+gJVErFy0O6UnSa28186gazPdDhqkqtjMEC4S2aOG3e80nlISN/F0l
      BTMFMc0RObhX8ZiemFIa18o8UzTdkwD77JQ/qCxWRGyoUmWDOyehSVT3J2OCvFPo
      HfM75xw8EJ1hNZUUfj8rOsfZetXk9OAx6c3eGRaLR+jGesjTkR6Svwzxskt9WzP/
      HxOhGQpiyXFEfST7XbugnX4+YkjN0QINKOShyAggkGd+mEIGV6RmZvl9mlKaL1N6
      vHtfVoe3T5sj8T9ZoQsDA4WQ+ZKtB1kBC8UrjwIDAQABAoIBADGal5/LJFOPxBvW
      XpUO51dbuYjdNgPB58JOCAn0IzjVyMF5tNdLU3HdoIAuady0eyLSHlHLEU1XsNRI
      s/+4i9Mdr0CfDZ/aaRnHc/+Y9Wa2c9JkP7KDYAdiD9qMxT4kVFx2bSzJl5rquWG2
      kzh7TZ0PMH0adJgoShbpNA0utTWVYUz/Rx4nc6oAyqbEJeMIm2sLW0rwFgTc2NXk
      x1wcmFkhbEvdrAMJfxusAaobcaba6lpBckW1zO7gMLxB/ySanA98cZreIQz5X0ez
      S2KQs2gNdLdEzqxTLN+u8bL8HXA9rOc5SDY92oU4QY11WWkcmslxvBcpSjpBXVI7
      GPw6LYECgYEA+poQZGmvCQv4Pa0aJg1+8/+gBFMr3uUBVj308/0IMM20WGDMJX7l
      Fh/50QdsXBpJgIZa0FtiSc6YJLUt2eF0ra/3OjtqGUJEddasfsjyaN04aInUZQVl
      EV0nW2jMwmQ+obgvBp8FCW2hHafn09Qg2//fhZU5YW/f/GpFDLVn+7ECgYEAxJjU
      F6gp+6tdZC1WDxkTTR3UV13ElHxykbQ6JpKR1uofIYu6H13j1CgrhqQXON7Nxm/r
      HknYOB8lcTxpzFl28krEM5f5aaPE3sgKdhkza4Ybmp0h8+lHoXX5mNC+F7ZswxsW
      Ze/nryg1AEJrnbsvxONcBg5BAq+IBQDaUPm/qz8CgYEAg3Kcdo8YyN4GcBOES8F4
      ffPvs1UNBfWJJfuJqRFoYnEDz/e2HVTaRSiwmPwT0pvXQhs3N2M3ww8irt56Fnc0
      BIbwXxMbK/SehFD+WeJ9hJPFKtBhIDwcL2d1ZXUrMivyzlEWGZr/wVpH0I5qA6qZ
      McydKiyD1KAiFPyJC4l76YECgYBVZRkDaZ1K3yXC5Npz1m2G2sUoaeeApAnT9lgn
      9xR4KNv640mmZE8ZEZXOdypLHqR9ZJHZZzQPNKA77oT6KYY8OnO9AW9qDqPuLTA2
      Gj42n1sQLt7XpuXhYXBYi5t2i1v056g0ASA++hUDltZN/kgCmsuXKcvdUcegfL1X
      3RP/WwKBgQDqB3vb5jNRLd3TR3l3NbcW3tbYu6ltisjEDaCj0ibGzjPjAhfKTz5g
      8vvL6bsjigWlBs7QdZGWld9AfGqpIDmjIMjJw5s1qLOM194Ps91+T4Lca6TfP8ah
      K2OrCNlzLqk4b7TTyUVJWwTzhDsBNof45lRvj1PjvQPLmlnQQnLPcg==
      -----END RSA PRIVATE KEY-----
    monitoring-password: F32WTgEuGcDwTiUv
    operator-password: afswHJOF2VY3GA6D
    patroni-password: 57De1tKXdX1P2o4u
    raft-password: ZISVxtgnScyIEtK2
    replication-password: kx9quou25x3Hlk0w
    rewind-password: jNdv7qEo5IZC9tfo                                                                          ~7s

Use it to truncate the main and account databases so we can recreate the first account with OpenID:

PG_PASSWORD=$(juju show-secret afswHJOF2VY3GA6D | grep operator-password | awk '{print $2}') && PG_HOST=$(juju status postgr
esql --format json | python3 -c "import json,sys; units=json.load(sys.stdin)['applications']['postgresql']['units']; print(list(units.values())[0]['public-address'])") && juju ssh postgresql/leader -- "echo 'TRUNCATE person CASCADE; TRUNCATE account CASCADE;' | sudo PGPASSWORD=$PG_PASSWORD charmed-postgresql.psql -U operator -h $PG_HOST -d landscape-standalone-main"

Then, go back to https://landscape-server-jammy.com/ and instead log in with Ubuntu One.

Running integration tests

LANDSCAPE_CHARM_USE_HOST_JUJU_MODEL=1 make integration-test

wck0 · 2026-04-01T19:53:37Z

Build and deploy worked as expected. I don't think we want to merge all of these changes, though. Can you clean it up so the PR has just the changes we need? The other details are probably good fodder for our internal docs.

…ntic

pack/test for noble

6d99f72

jansdhillon changed the title ~~feat: pack/deploy charm on resolute~~ build: pack/deploy charm on resolute Mar 30, 2026

jansdhillon added 5 commits March 30, 2026 17:56

ake sure model can get daily imgs

79946c2

feat: support multiple PPAs via newline-separated landscape_ppa config

bd47204

fix internal HAProxy bundle

dccb133

multiple ppas

82a8184

fix real issue, rm hacks

ee33a41

jansdhillon force-pushed the resolute branch from 8d4fa2c to ee33a41 Compare March 31, 2026 05:57

jansdhillon and others added 3 commits March 31, 2026 00:11

lint

be107c9

Merge branch 'main' into resolute

34e721b

put model conf in right bundle

c04e3df

jansdhillon added 17 commits April 7, 2026 10:24

add OIDC/OpenID Config

a4cd262

Merge branch 'main' into resolute

3aaf0a3

add back res changes undo back merge

07c4e21

move test bundle into real test bundle not integration test bundle

46fb357

go abck to compatible pydantic vers

9f63834

fix py ver

a8f2edd

fix bundle

792c8f1

fix test mocks

7402702

use site packages

30f952e

revert force py312 in charm

992595b

bump pydantic

20cb4c7

dont use python3.12 for build, allow system py to avoid breakin gpyda…

0b047d1

…ntic

pin haproxy to avoid running into validation bug

58162d4

enable ubuntu installer attach (uploaded to PPA)

c77b89f

fix ppas integration test, workaround outbox install failure on resolute

53fdaff

lint

8b565d2

skip upgrade test on resolute

dc24078

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build: pack/deploy charm on `resolute`#109

build: pack/deploy charm on `resolute`#109
jansdhillon wants to merge 26 commits intocanonical:mainfrom
jansdhillon:resolute

jansdhillon commented Mar 30, 2026 •

edited

Loading

Uh oh!

wck0 commented Apr 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

jansdhillon commented Mar 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Pack

Deploy

Testing auth

Truncating the account DB and retrying with OpenID (Ubuntu One)

Running integration tests

Uh oh!

wck0 commented Apr 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

jansdhillon commented Mar 30, 2026 •

edited

Loading