[00:23:06] <kostajh>	 I'm trying to set up an SSH tunnel to a Tools Forge DB, and having trouble connecting from my machine with `mysql --defaults-file=$HOME/.replica.my.cnf --host=127.0.0.1 --port=4711`, where I've copied `.replica.my.cnf` from the server. While mysql will open a connection, when I try to `use {dbname}`, I get `ERROR 1044 (42000): Access denied for user '{username}'@'%' to database {db}`
[00:44:39] <JJMC89>	 kostajh: You'll want to take a look at https://wikitech.wikimedia.org/wiki/Help:Toolforge/Database#Connecting_with... I think you need to SSH through a bastion (tools-login.wmflabs.org).
[00:46:47] <kostajh>	 JJMC89: thanks. I'm using the SSH tunnel command from https://github.com/wikimedia/CopyPatrol#to-install-locally
[00:50:31] <chicocvenancio>	 kostajh: is that error message redacted? Or does it really have `{username} `
[00:50:47] <chicocvenancio>	 ? 
[00:50:49] <kostajh>	 chicocvenancio: redacted. I'm using a proper username :)
[00:52:37] <chicocvenancio>	 A proper username as in the same you see in your user replica.my.cnf or is it a tool credential? 
[00:53:20] <kostajh>	 chicocvenancio: it's different from what is in replica.my.cnf
[00:54:24] <kostajh>	 chicocvenancio: I can do `ssh kharlan@login.tools.wmflabs.org`, `become eranbot`, `sql local`, then `use ` the database. That works fine. If I make an SSH tunnel and copy same `replica.my.cnf` that exists for `eranbot` to my local machine, then I can't access.
[00:55:34] <chicocvenancio>	 And the username for the error, is it the same as the one in eranbot replica.my.cnf? 
[00:56:41] <kostajh>	 double checking
[00:57:21] <kostajh>	 chicocvenancio: yes, it's the same username
[05:17:24] <zhuyifei1999_>	 Why does the username have to be redacted? anyone can get your user id by user name
[11:32:46] <Amir1>	 any cloud admin around? I need access to a tool for https://phabricator.wikimedia.org/T182341 (I'm a tools standard committee member)
[11:36:13] <zhuyifei1999_>	 I can login as root but can't alter permission list
[11:36:26] <zhuyifei1999_>	 (group membership)
[11:39:21] <zhuyifei1999_>	 I think right now might be arturo's daytime
[11:40:53] <arturo>	 hey
[11:41:52] <arturo>	 zhuyifei1999_: could you please remind me what the procedure looks like?
[11:42:30] <zhuyifei1999_>	 arturo: striker I think
[11:43:44] <arturo>	 Amir1: which tool?
[11:43:46] <arturo>	 thanks zhuyifei1999_ 
[11:44:18] <Amir1>	 PM'ed
[11:47:44] <arturo>	 do we have a SAL or something to register this kind of things?
[11:48:52] <zhuyifei1999_>	 considering it's a 'security ticket', maybe just mention the task ID instead of what toold it's about?
[11:49:54] <arturo>	 I left a comment in the phab task
[15:00:43] <wikibugs>	 (03PS15) 10Paladox: Ignore wips when creating a patchset [labs/tools/wikibugs2] - 10https://gerrit.wikimedia.org/r/443220 (https://phabricator.wikimedia.org/T175929)
[15:03:59] <wikibugs>	 (03PS16) 10Paladox: Ignore wips when creating a patchset [labs/tools/wikibugs2] - 10https://gerrit.wikimedia.org/r/443220 (https://phabricator.wikimedia.org/T175929)
[15:09:38] <wikibugs>	 (03CR) 10Paladox: "@Merlijn van Deen does it look better? :)" [labs/tools/wikibugs2] - 10https://gerrit.wikimedia.org/r/443220 (https://phabricator.wikimedia.org/T175929) (owner: 10Paladox)
[16:59:10] <TheresNoTime>	 Does anyone happen to have the previous topic?
[17:02:17] <TheresNoTime>	 Close enough.. :/
[17:03:31] <jynus>	 you can add the cloud if you want
[17:03:38] <jynus>	 I just recovered from my history
[17:03:52] <TheresNoTime>	 Thank you jynus, real PITA to do that on IRCCloud
[17:04:16] <jynus>	 in Konversation is litteraly 1 click
[17:04:51] <TheresNoTime>	 Ooh get you :P
[17:06:06] <jynus>	 it stores the last N topics
[17:06:56] * bd808 sighs about topic spammers and jerks in general
[17:07:33] <jynus>	 technically it is easy to solve ~
[17:07:51] <bd808>	 its easy to block topic changes, yes
[17:08:21] <jynus>	 but we know there is almost no difference between +t and a dictatorship :-)
[17:10:27] <TheresNoTime>	 It's your call ^^
[17:21:10] <legoktm>	 jynus: LOL
[17:21:16] <legoktm>	 !bash <jynus> but we know there is almost no difference between +t and a dictatorship :-)
[17:21:16] <stashbot>	 legoktm: Stored quip at https://tools.wmflabs.org/bash/quip/AWSPguHHwY2u4JUTKP2v
[18:26:29] <mdholloway>	 o/ anyone know why i might be getting 'permission denied (publickey)' when attempting to log into my newly created instance deployment-maps04.deployment-prep.eqiad.wmflabs?
[18:26:39] <mdholloway>	 i can log into most deployment-prep instances without issue
[18:27:31] <harej>	 mdholloway: in my experience it takes a few minutes for puppet to update
[18:28:11] <mdholloway>	 harej: that was my first thought, but i created this instance yesterday morning, so it should have had time to run.
[18:28:19] <mdholloway>	 maybe 'newly created' was a bit misleading ;)
[18:30:06] <bd808>	 mdholloway: I can't get into that instance with my root key either so I would guess that the initial puppet run failed
[18:30:18] <mdholloway>	 i tried generating a new 4096-bit RSA keypair and updating my prefs with it in case my old 2048-bit set wasn't up to snuff anymore, but that didn't help either
[18:31:32] <mdholloway>	 bd808: ah, ok.  what's the best way to proceed in that case?  delete the instance and start again?
[18:31:45] <bd808>	 mdholloway: yeah, that's pretty much all you can do
[18:32:33] <bd808>	 not the greatest user experience I know :/
[18:35:16] <mdholloway>	 ok.  about that: on some occasions i've messed up in some way when creating an instance, and deleted and immediately created a new instance with the same name, and it seemed not to work well (as in i couldn't log in again).  i think it's happened twice.  is there some reason we'd expect that not to work well, or was it probably just a fluke?
[18:36:46] <bd808>	 mdholloway: I always recommend unique instance names even if the prior names were dead on arrival. There are things like puppet client certificates that cary the instance names and do not always get automatically cleaned up properly
[18:37:46] <mdholloway>	 bd808: i see.  i'll iterate the number up to -05 then.  thanks!
[18:43:33] <davidwbarratt>	 Are the replicas accessible from a VPS like they are from Toolforge?
[18:43:51] <chicocvenancio>	 sure
[18:44:20] <davidwbarratt>	 chicocvenancio are you answering me or someone else? 
[18:44:32] <chicocvenancio>	 you, davidwbarratt
[18:45:16] <davidwbarratt>	 hmm well that's interesting
[19:42:32] <bd808>	 davidwbarratt: we do not automatically issue db user credentials for VPS projects or provision the `sql` wrapper script, but otherwise access would be the same/similar.
[19:43:29] <bd808>	 today our recommendation for getting db user credentials is actually just to make a tool specifically for that purpose and take a copy of its replica.my.cnf file to use from the project
[19:46:49] <davidwbarratt>	 bd808 ah, interesting
[19:55:33] <mdholloway>	 same story with deployment-maps05 :(
[19:58:24] <chicocvenancio>	 mdholloway: might be something wrong with the puppet classes or hiera settings 
[19:59:11] <chicocvenancio>	 is it possible to apply that after instance creation?
[20:00:58] <mdholloway>	 chicocvenancio: yes, i should be able to.
[20:01:21] <mdholloway>	 it's just a plain old m1.large created from the debian-9.4-stretch image
[20:01:33] <mdholloway>	 on -04 i had added the "maps" security group
[20:01:40] <mdholloway>	 this one i haven't touched yet
[20:02:17] <chicocvenancio>	 there is a lot of hiera settings https://tools.wmflabs.org/openstack-browser/server/deployment-maps05.deployment-prep.eqiad.wmflabs
[20:02:31] <chicocvenancio>	 maybe prefix, project or wikitech...
[20:04:23] <mdholloway>	 hmm, yeah.  i knew it was inheriting some settings but didn't realize it was all of that.
[20:08:53] <mdholloway>	 well, i see at least one problem
[20:08:55] <mdholloway>	 [   87.261859] rc.local[423]: [1;31mError: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Function Call, Could not find data item profile::maps::cassandra::kartotherian_pass in any Hiera data file and no default supplied at /etc/puppet/modules/profile/manifests/maps/apps.pp:3:36 on node
[20:08:55] <mdholloway>	 deployment-maps05.deployment-prep.eqiad.wmflabs[0m
[20:27:59] <paladox>	 bd808 hi, https://tools.wmflabs.org/openstack-browser/project/wikiapiary is taking forever to load.
[20:28:53] <paladox>	 !help ^^
[20:28:53] <wm-bot>	 paladox: If you don't get a response in 15-30 minutes, please create a phabricator task -- https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?projects=wmcs-team
[20:29:22] <andrewbogott>	 paladox: I don't know much about that project; I can certainly restart the tool
[20:29:24] <bd808>	 paladox: was that really !help worthy?
[20:29:27] <andrewbogott>	 are you seeing slowdowns elsewhere?
[20:29:36] <bd808>	 loaded immediately for me
[20:29:56] * TheresNoTime regrets having !_help stalked
[20:30:09] <paladox>	 bd808 i didn't know if you were around. so sorry. But yes it was slow but now it loaded fast.
[20:31:17] <bd808>	 that tool collects and caches a lot of slow/expensive data. If you happen to hit a point where the cache is empty it will take 2-3 minutes to figure out all the things
[20:33:36] <paladox>	 ah ok
[20:33:39] <paladox>	 sorry for pings
[21:41:12] <Krinkle>	 Hi - don't know if https://github.com/wikimedia/labs-striker-deploy is still used, but GitHub reports a potential vulnerability with it.
[21:42:29] <Reedy>	 github has started doing python security scanning
[21:44:26] <Krinkle>	 Also is https://github.com/wikimedia/labs-tools-SuchABot / https://github.com/wikimedia/labs-tools-gerrit-to-redis still in use?
[21:44:46] <Krinkle>	 Afaik we use wikibugs2 now, which... has its own thing, or not?
[22:30:34] <bd808>	 Krinkle: I'm looking at the striker one. Thanks for the poke
[22:47:38] <Krinkle>	 o/
[23:06:35] <bstorm_>	 !log toolsbeta Got the grid master running
[23:06:36] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Toolsbeta/SAL