[03:14:53] <andrewbogott>	 !log puppet-diffs migrating VMs to eqiad1-r, then hopefully figuring out how to make them work in Jenkins again
[03:14:55] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Puppet-diffs/SAL
[05:22:18] <bawolff>	 How do i get a list of tools I made if i can't remember the name of the tool account my bot is running on?
[05:28:22] <bawolff>	 nevermind, i figured out what my tool was named
[05:29:32] <legoktm>	 lol
[05:29:40] <legoktm>	 toolsadmin has a lisr
[05:29:42] <legoktm>	 List
[09:41:39] <Krenair>	 If you run `id` you can see which groups you are in and find it that way
[15:46:42] <andrewbogott>	 !log wikidocumentaries migrating project to eqiad1-r
[15:46:43] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Wikidocumentaries/SAL
[15:47:09] <andrewbogott>	 !log wikidiff2-wmde-dev migrating project to eqiad1-r
[15:47:09] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Wikidiff2-wmde-dev/SAL
[15:47:52] <andrewbogott>	 !log wpx migrating project to eqiad1-r
[15:47:53] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Wpx/SAL
[16:22:37] <bd808>	 !log tools.stashbot Testing SAL
[16:22:39] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.stashbot/SAL
[16:48:29] <elukey>	 hi! So in the analytics project I have two instances that cannot ping themselves (tried on both hosts) but the traffic with the rest of the hosts (in the project) is fine
[16:48:52] <elukey>	 any idea why?
[16:58:24] <gtirloni>	 elukey: which instances?
[17:00:41] <elukey>	 hadoop-master-3.analytics.eqiad.wmflabs <-> kdc.analytics.eqiad.wmflabs
[17:01:05] <elukey>	 it is friday evening for me so it could be a PEBCAK 
[17:01:27] <elukey>	 but I am a bit puzzled about the ping not working
[17:05:52] <Krenair>	 eqiad1-r
[17:06:02] <elukey>	 gtirloni: err sorry, hadoop-worker-3.analytics.eqiad.wmflabs
[17:06:08] <elukey>	 not master
[17:06:23] <Krenair>	 wonder if they have security groups set up to allow ICMP for 10/8 but not the new range or the right security groups
[17:07:21] <Krenair>	 FWIW I can reproduce the problem
[17:07:25] <elukey>	 both hosts have 172.x ips and ping works generally
[17:07:32] <elukey>	 but not on those 
[17:08:24] <Krenair>	 let's see
[17:08:36] <paladox>	 ping works for me on puppet-paladox to those instances.
[17:08:47] <Krenair>	 kdc is in the following security groups: default
[17:09:04] <Krenair>	 hadoop-worker-3 is in the following security groups: default
[17:09:12] <Krenair>	 okay
[17:09:17] <gtirloni>	 elukey: thanks, checking
[17:09:23] <Krenair>	 so we should see a rule in the default security group allowing ICMP internally
[17:09:40] <Krenair>	 okay interesting, it allows from 0.0.0.0/0
[17:09:49] * elukey sends a beer to gtirloni 
[17:10:00] <Krenair>	 and *any* traffic internally
[17:10:09] <Krenair>	 so we should be good on the security group front
[17:10:57] <Krenair>	 there is an IPv6 rule in here for some reason but we can ignore that
[17:11:15] <Krenair>	 interesting
[17:11:21] <Krenair>	 krenair@kdc:~$ ping hadoop-worker-3
[17:11:22] <Krenair>	 PING hadoop-worker-3.analytics.eqiad.wmflabs (172.16.2.243) 56(84) bytes of data.
[17:11:22] <Krenair>	 From kdc.analytics.eqiad.wmflabs (172.16.2.235) icmp_seq=9 Destination Host Unreachable
[17:12:28] <Krenair>	 iptables look okay
[17:12:39] <Krenair>	 yep I'm out of ideas
[17:12:40] <paladox>	 that is the wrong ip Krenair 
[17:12:45] <Krenair>	 hm?
[17:12:47] <paladox>	 root@puppet-paladox:/home/paladox#  ping hadoop-worker-3
[17:12:47] <paladox>	 PING hadoop-worker-3.eqiad.wmflabs (172.16.2.243) 56(84) bytes of data.
[17:12:47] <paladox>	 64 bytes from hadoop-worker-3.analytics.eqiad.wmflabs (172.16.2.243): icmp_seq=1 ttl=64 time=0.380 ms
[17:13:09] <Krenair>	 well, yes, it got a Destination Host Unreachable, the packet won't be from the destination host paladox :D
[17:13:33] <paladox>	 oh
[17:14:14] <elukey>	 (thank all for checking btw)
[17:14:18] <elukey>	 *thanks
[17:16:31] <gtirloni>	 kdc can't find worker-3's mac address. if I force it, the packets go out and worker-3 replies, but the packets don't make their way to kdc
[17:17:03] <elukey>	 nice! I didn't check that far
[17:17:05] <Krenair>	 wow
[17:17:28] <Krenair>	 okay this is out of my depth
[17:17:33] <Krenair>	 good luck
[17:19:46] <gtirloni>	 I think we got a routing loop somewhere. I'm seeing TTLs expiring
[17:21:40] <elukey>	 gtirloni: ip neigh is interesting on hadoop-worker-3
[17:22:04] <elukey>	 ah no now it is better
[17:22:05] <elukey>	 nevermind
[17:22:37] <elukey>	 now it seems pinging
[17:22:42] <elukey>	 gtirloni: did some magic?
[17:23:05] <elukey>	 nope..
[17:23:06] <elukey>	 172.16.2.1 dev eth0  FAILED
[17:23:11] <elukey>	 172.16.2.2 dev eth0  FAILED
[17:23:19] <elukey>	 I was of course checking the wrong instance
[17:23:23] <elukey>	 worker reports the above --^
[17:23:26] <gtirloni>	 nope, still looking around
[17:24:22] <paladox>	 gtirloni could it be the cloud virt?
[17:24:23] <Krenair>	 I don't really understand the exact role that the hypervisors play in networking but it seems puppet-paladox, kdc, and hadoop-worker-3 are all on separate hypervisor hosts
[17:24:34] <paladox>	 yup
[17:24:46] <paladox>	 im thinking maybe cloudvirt1018.eqiad.wmnet?
[17:25:23] <paladox>	 https://tools.wmflabs.org/openstack-browser/server/kdc.analytics.eqiad.wmflabs
[17:25:30] <paladox>	 and
[17:25:30] <paladox>	 https://tools.wmflabs.org/openstack-browser/server/hadoop-master-3.analytics.eqiad.wmflabs
[17:25:34] <paladox>	 both run on the same virt
[17:25:54] <paladox>	 does pinging hadoop-master-4.analytics.eqiad.wmflabs work elukey ?
[17:25:57] <Krenair>	 paladox, master is the wrong one
[17:26:00] <paladox>	 thats on a different virt
[17:26:03] <Krenair>	 he corrected it to hadoop-worker-3
[17:26:07] <paladox>	 oh
[17:26:40] <paladox>	 https://tools.wmflabs.org/openstack-browser/server/hadoop-worker-3.analytics.eqiad.wmflabs
[17:26:41] <paladox>	 ah ok
[17:26:54] <paladox>	 so that's on cloudvirt1023
[17:27:08] <Krenair>	 yeah but I don't know how relevant this info is
[17:28:48] <elukey>	 gtirloni: I removed your PERMANENT ip neigh setting to test if it was still working on kdc
[17:28:53] <elukey>	 (fyi)
[17:28:59] <gtirloni>	 ok
[17:29:08] <elukey>	 and it works, it returns incomplete
[17:29:12] <elukey>	 weird
[17:32:42] * elukey is too ignorant about this part of the infra
[17:35:33] <bd808>	 elukey: don't feel bad. the neutron SDN layer is new to all of us. I was just reading lots of wikitech pages and then decided that there are probably better things for me to spend my morning on ;)
[17:35:55] <elukey>	 bd808: :D
[17:37:09] <elukey>	 gtirloni: so from hadoop-worker-3 ping to 172.16.2.1 and 172.16.2.2 fail too
[17:37:18] <elukey>	 (if it can help)
[17:37:30] <elukey>	 and arp -n shows them as "incomplete"
[17:37:55] <elukey>	 PTR points to labs-ns1.wikimedia.org.
[17:38:31] <elukey>	 mmmm ping labs-ns1.wikimedia.org. works, ping to the IPs doesn't
[17:38:58] <elukey>	 no it turns out that I am not even able to read a DNS response on a friday evening
[17:39:02] * elukey cries in a corner
[17:39:21] <elukey>	 nevermind, those IPs don't have PTRs (apparently)
[17:39:26] <gtirloni>	 lol, thanks.. that's useful info
[17:40:42] <Krenair>	 I don't think anything can ping those 172.16.2.[12] IPs?
[17:41:20] <paladox>	 Krenair yup
[17:41:25] <paladox>	 i get 100% packet loss
[17:41:25] <paladox>	 3 packets transmitted, 0 received, 100% packet loss, time 2031ms
[17:41:31] <Krenair>	 can ping 172.16.0.1 which has no PTR
[17:42:32] <elukey>	 yeah 172.16.0.1 is the default gw
[17:44:02] <Krenair>	 (https://phabricator.wikimedia.org/T202886 is about naming that)
[17:46:53] <gtirloni>	 elukey: do you mind if I reboot kdc?
[17:57:07] <gtirloni>	 I don't see the icm packets leaving kdc and getting to the internal bridge so I'm guessing something is wrong with that VM in particular
[17:57:39] <gtirloni>	 I'd like to shut it down and bring it back up, in the hope that it'll reset any l2 bridging shenanigans
[17:57:45] <gtirloni>	 elukey: ^^
[18:00:03] <elukey>	 gtirloni: sure
[18:02:05] <elukey>	 I rebooted hadoop-worker-3 previously
[18:03:09] <elukey>	 gtirloni: rebooting kdc now
[18:03:38] <gtirloni>	 I'vejust rebooted it
[18:03:39] <gtirloni>	 it's back
[18:04:21] <gtirloni>	 but it didn't help
[18:04:42] <gtirloni>	 I've tested a new security group that allowed everything but still no go
[18:04:58] <gtirloni>	 tricky stuff
[18:05:51] <gtirloni>	 I forgot to ask, when did this start?
[18:07:50] <elukey>	 gtirloni: I am not sure since today I started experimenting with the host
[18:09:42] <elukey>	 I could try to kill hadoop-worker-3 and re-spawn it
[18:17:04] <gtirloni>	 !log admin restarted neutron-linuxbridge-agent on cloudvirt1018/1023
[18:17:06] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL
[18:42:26] <elukey>	 gtirloni: gtg now, thanks for the help.. if the hosts are in the same situation on Monday I'll try to spawn a new instance 
[18:43:10] <gtirloni>	 ok, i'll keep looking a bit more. have a great weekend
[18:49:15] <elukey>	 you too!
[20:08:25] <andrewbogott>	 !log cloud restarted neutron-linuxbridge-agent on cloudvirt1018 and cloudvirt1023
[20:08:26] <stashbot>	 andrewbogott: Unknown project "cloud"