[10:11:01] <arturo>	 !log tools T196137 `aborrero@tools-clushmaster-01:~$ clush -w@all 'sudo wc -l /var/log/exim4/paniclog 2>/dev/null | grep -v ^0 && sudo rm -rf /var/log/exim4/paniclog && sudo service prometheus-node-exporter restart || true'`
[10:11:04] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[10:11:04] <stashbot>	 T196137: toolforge: prometheus issue is filling up email queue - https://phabricator.wikimedia.org/T196137
[11:46:00] <Amir1>	 !log wikilabels 7d3af05 is going to staging
[11:46:02] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Wikilabels/SAL
[11:48:22] <Amir1>	 It seems great, moving to prod
[11:48:58] <Amir1>	 !log wikilabels 7d3af05 is going to prod
[11:48:58] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Wikilabels/SAL
[17:29:15] <Hauskatze>	 tools.wmflabs.org/bash is taking a whole loooot time to load, any issues on the servers? :)
[21:37:41] <hare>	 If I'm setting up my own Redis instance on a Cloud VPS, and I want the instance to be directly accessible from, say, Toolforge, but not the Internet in general, how should I configure the Redis server?
[21:47:27] <halfak>	 !log deployment-prep deploying ores 6ee8775
[21:47:30] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Deployment-prep/SAL
[21:54:39] <Krenair>	 hare, that's complicated
[21:54:56] <Krenair>	 all the labs instances sit side by side in the same network
[21:55:12] <Krenair>	 I think it's difficult to make it accessible to tools and not other labs instances
[21:55:48] <Krenair>	 allowing connections from the whole of labs and then only distributing the passwords etc. to tools instances might be enough
[21:55:53] <Krenair>	 otherwise, maybe you could do something with security groups
[21:56:07] <hare>	 i think i would be fine with that
[21:56:16] <Krenair>	 in that case, 10.0.0.0/8 is the normal range to use
[21:56:17] <hare>	 accessible to all of labs is better than accessible to the entirety of the internet
[21:56:31] <hare>	 so I would make it accessible to labs and set a really good password and that should cover my bases?
[21:56:57] <Krenair>	 (technically that includes the prod private hosts but I don't think most of prod can talk to labs private stuff anyway, and I wouldn't be worried about prod when you're letting random labs instances connect)
[21:57:08] <Krenair>	 probably
[22:45:28] <ebernhardson>	 is redis protocol encrypted? Would AUTH just send the pasword plaintext acros sthe internet?
[22:52:45] <Krenair>	 ebernhardson, not sure but I'm not sure that matters much between labs hosts
[22:53:19] <Krenair>	 it won't be across the internet
[22:54:46] <Krenair>	 it'll be across the wikimedia private lan in eqiad
[22:57:33] <ebernhardson>	 Krenair: oh silly me, i read cloud vps as generic "cloud" and not wmf cloud :)
[22:58:16] <paladox>	 lol
[22:58:24] <Krenair>	 :)