[00:26:08] <andrewbogott>	 !log utrs moving VMs to eqiad1-r
[00:26:09] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Utrs/SAL
[13:44:38] <Hydriz>	 andrewbogott: Available?
[13:55:25] <arturo>	 Hydriz: may I help you?
[13:55:55] <Hydriz>	 That would be great, can you check if there is anything wrong with the dumps project?
[13:56:06] <arturo>	 wrong if which sense?
[13:56:09] <Hydriz>	 Horizon reports an incorrect usage for eqiad1-r region
[13:56:20] <Hydriz>	 In terms of instances, ram and cpu
[13:56:31] * arturo checking
[13:56:57] <Hydriz>	 Relevant Phab task: https://phabricator.wikimedia.org/T204503
[13:58:40] <arturo>	 Hydriz: `project quotas seems to be incorrectly showing 6 instances when it should be 4` <--- this, right?
[13:58:54] <Hydriz>	 Yep
[13:59:13] <Hydriz>	 More specifically with the RAM and CPU parts
[14:00:02] <Hydriz>	 And not really quotas, it's the project usage, apologies for the wrong choice of words
[14:06:33] <andrewbogott>	 arturo: quotas getting out of sync is a known issue, the (terrible) fix is to set things to -1 in the database and let it recalculate.
[14:06:38] <andrewbogott>	 I can do it unless you're interested
[14:06:54] <arturo>	 oh...
[14:06:54] <andrewbogott>	 btw I can ssh to dumps-stats just fine
[14:07:31] <arturo>	 andrewbogott: please do it, I'm about to look for lunch
[14:07:41] <andrewbogott>	 ok
[14:08:58] <Hydriz>	 andrewbogott: Yeah dumps-stats is fine, it was dumps-0 which I had deleted already
[14:18:36] <andrewbogott>	 Hydriz: try creating a new VM now?
[14:19:36] <Hydriz>	 andrewbogott: Launching dumps-0
[14:23:25] <andrewbogott>	 usage displays are still messed up there but at least you're unblocked
[14:26:03] <Hydriz>	 andrewbogott: Yep I've logged in nicely, thanks!
[14:38:00] <paladox>	 andrewbogott: I wonder if we should set it to -1 for all projects (for it to recalculate) after all projects have been migrated to eqiad1-r?
[14:38:50] <andrewbogott>	 Well, setting it to -1 didn't work right this time.  I wouldn't mind forcing recalcs if I knew how to do it reliably.
[14:39:07] <andrewbogott>	 Looks like that cache has been (wisely) removed in future versions since it's never in sync
[15:00:47] <wm-bot>	 KPADSIBIJSWJREDMAQUIMNJKNJJHLCQNEEPGSNWJ Technical Advice IRC meeting starting in 60 minutes in channel #wikimedia-tech, hosts: @Thiemo_WMDE & @chiborg - all questions welcome, more infos: https://www.mediawiki.org/wiki/Technical_Advice_IRC_Meeting
[15:18:25] <urandom>	 !help is there some delay between adding a new SSH key in the Wikitech interface, and having it recognized on bastion.wmflabs.org?
[15:18:25] <wm-bot>	 Sorry, you are not authorized to perform this
[15:18:51] <bstorm_>	 wm-bot seems drunk.
[15:19:46] <gtirloni>	 urandom: I believe Puppet has to run first before the keys are replaced
[15:20:33] <bstorm_>	 :1  
[15:20:40] <bstorm_>	 Sorry +1
[15:20:44] <bstorm_>	 I suspect the same.
[15:21:00] <bstorm_>	 So, what kind of delay are we talking about?
[15:21:18] <gtirloni>	 it runs at 0,30 every hour, right? depends on when it was changed
[15:22:16] <urandom>	 It was changed 10 mins ago
[15:22:45] <urandom>	 so we'll try in other 10 mins or so
[15:30:10] <andrewbogott>	 personal keys are stored in ldap so should be available immediately.
[15:37:25] <urandom>	 andrewbogott: I believe you, since it's past :30 and it still doesn't work :)
[15:38:31] <urandom>	 andrewbogott: `/usr/sbin/ssh-key-ldap-lookup <user>` from a cloud VM shows the key though
[15:38:45] <urandom>	 and, `<user` is clarakosi in this instance :)
[15:38:50] * urandom waves at clarakosi 
[15:39:16] * clarakosi waves back at urandom 
[15:39:25] <andrewbogott>	 urandom: what are you trying to connect to?
[15:40:12] <urandom>	 andrewbogott: a VM
[15:40:22] <andrewbogott>	 that doesn't really narrow it down
[15:40:22] <urandom>	 kask.services.eqiad.wmflabs
[15:41:41] <andrewbogott>	 using what bastion?
[15:41:47] <urandom>	 bastion.wmflabs.org
[15:42:35] <andrewbogott>	 so, the most frequent cause of this problem is people omitting the <username>@hostname and having a different username on their local machine
[15:43:01] <andrewbogott>	 to narrow things down I'd also suggest ssh'ing directly to the bastion to see if there's an issue with the proxy command.
[15:43:07] <urandom>	 clarakosi: what does `whoami` return on your notebook?
[15:43:19] <urandom>	 andrewbogott: yeah, we did that and it failed
[15:43:30] <urandom>	 clarakosi: is it something other than your wikitech username?
[15:43:44] <urandom>	 (I shouldn't have assumed they'd be the same)
[15:43:48] <andrewbogott>	 I see 'invalid user juanangel'
[15:43:59] <clarakosi>	 ahhh yeah its different. `candrew`
[15:44:20] <urandom>	 ok, try: `ssh clarakosi@kask.services.eqiad.wmflabs`
[15:45:24] <clarakosi>	 same thing. permission denied. 
[15:45:57] <urandom>	 clarakosi: and `ssh clarakosi@bastion.wmflabs.org` ?
[15:46:55] <andrewbogott>	 looks like that worked?
[15:47:09] <urandom>	 clarakosi: did you get a shell on bastion?
[15:47:31] <clarakosi>	 no its still denied
[15:50:27] <andrewbogott>	 try -vvv and let's see why it thinks it's denied
[15:50:37] <wm-bot>	 KPADSIBIJSWJREDMAQUIMNJKNJJHLCQNEEPGSNWJ Technical Advice IRC meeting starting in 10 minutes in channel #wikimedia-tech, hosts: @Thiemo_WMDE & @chiborg - all questions welcome, more infos: https://www.mediawiki.org/wiki/Technical_Advice_IRC_Meeting
[15:50:54] <andrewbogott>	 wm-bot are you ok?
[15:51:09] <urandom>	 i.e. `ssh -vvv clarakosi@bastion.wmflabs.org`
[15:51:12] <urandom>	 clarakosi: ^^^
[15:51:24] <urandom>	 and it'll produce a lot of output
[15:51:33] <paladox>	 Try -i <path to ssh key>
[15:51:44] <clarakosi>	 no wait the last one worked
[15:51:51] <urandom>	 \o/
[15:51:52] <clarakosi>	 sorry I put in the wrong passphrase
[15:52:08] <urandom>	 clarakosi: are you having to enter a passphrase each time?
[15:52:17] <clarakosi>	 yes
[15:52:29] <urandom>	 oh...you shouldn't have to do that
[15:52:37] <urandom>	 but my macos-fu is weak
[15:53:05] <paladox>	 I think that’s expected if a key has a passkey
[15:53:20] <urandom>	 clarakosi: OK, so you got a shell on bastion and the prompt changed to `eevans@bastion-01:~$` ?
[15:53:29] <urandom>	 macos doesn't have an agent?
[15:53:41] <clarakosi>	 yup now it says `clarakosi@bastion-01:~$`
[15:53:48] <urandom>	 ok, type `exit`
[15:54:01] <urandom>	 or `<CTRL>+d`
[15:54:06] <clarakosi>	 ok. connection closed
[15:54:07] <urandom>	 to get back to your terminal
[15:54:27] <urandom>	 and try: `ssh clarakosi@kask.services.eqiad.wmflabs` again
[15:55:00] <clarakosi>	 lol denied
[15:55:26] <urandom>	 any chance you mistyped the passphrase?
[15:55:34] <urandom>	 I take it you had to enter it yet again?
[15:55:40] <clarakosi>	 Didn't even ask for it this time
[15:55:51] <clarakosi>	 automatically denied it
[15:55:59] <urandom>	 ??
[15:56:11] <urandom>	 maybe up-arrow and try that bastion login again?
[15:56:32] <paladox>	 clarakosi: try ssh -I <path to key> clarakosi@kask.services.eqiad.wmflabs
[15:57:55] <urandom>	 clarakosi: `ssh clarakosi@bastion.wmflabs.org` (and I'm also curious whether you're prompted for that passphrase again)
[15:57:56] <paladox>	 Oh 
[15:58:03] <paladox>	 You have to proxy through bastion
[15:58:27] <urandom>	 paladox: that should be happening
[15:58:42] <paladox>	 So unless you have something that picks up kask.services.eqiad.wmflabs it won’t work
[15:59:02] <clarakosi>	 paladox: still nothing
[15:59:05] <paladox>	 https://wikitech.wikimedia.org/wiki/Help:Access#Accessing_instances_with_ProxyCommand_ssh_option_(recommended)
[15:59:19] <urandom>	 paladox: we setup a `~/.ssh/config` earlier
[15:59:20] <clarakosi>	 urandom: it does ask for the passphrase with that one
[15:59:37] <paladox>	 Yup
[15:59:46] <urandom>	 clarakosi: OK, so it *does* prompt you for a password logging into bastion, and the login works?
[15:59:55] <urandom>	 and it does not for the VM, and it fails?
[16:00:05] <urandom>	 if so, that does sound like the proxycommand isn't working
[16:00:59] <clarakosi>	 Yup logging into bastion asks for passphrase and works but with the VM it automatically fails. Says permission denied.
[16:01:15] <urandom>	 clarakosi: `cat ~/.ssh/config`
[16:01:38] <paladox>	 Host *.eqiad.wmflabs
[16:01:39] <paladox>	     ProxyCommand ssh -a -W %h:%p clarakosi@primary.bastion.wmflabs.org
[16:01:43] <paladox>	 Does that work?
[16:02:41] <urandom>	 clarakosi: also: `ls -l ~/.ssh/config`
[16:03:42] <clarakosi>	 paladox: that didn't work
[16:03:52] <paladox>	 Oh :(
[16:04:07] <paladox>	 Can you ssh into any other instance
[16:04:12] <paladox>	 That your a member of?
[16:04:31] <urandom>	 this our first attempt at logging into any of them
[16:12:13] <urandom>	 we're in!
[16:12:19] <clarakosi>	 paladox: you were right!! I just had to move it up the config page
[16:12:29] <clarakosi>	 Thank you!
[16:12:32] <urandom>	 paladox: clarakosi added your proxycommand to the top of the file, and it worked
[16:13:05] <urandom>	 I've no idea, we matched hers to mine before this (and it works for me), but umm... it works, so... yeah. :)
[17:31:09] <gtirloni>	 !log contintcloud deleted project (T209644)
[17:31:11] <stashbot>	 gtirloni: Unknown project "contintcloud"
[17:31:11] <stashbot>	 T209644: Delete contintcloud WMCS project - https://phabricator.wikimedia.org/T209644
[17:32:36] <gtirloni>	 !log project-contintcloud deleted project (T209644)
[17:32:36] <stashbot>	 gtirloni: Unknown project "project-contintcloud"
[17:33:00] <gtirloni>	 !log admin deleted contintcloud project (T209644)
[17:33:02] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL
[21:02:33] <physikerwelt>	 Hi, I have a new phone and I am trying to move 2fa to the new phone. I deactivated 2fa successfully but now I can not enable it. I get an exception but can not see the details. Is someone with access to the  error logs around?
[21:03:35] <physikerwelt>	 " If you report this error to the Wikimedia System Administrators, please include the details below.    PHP fatal error: 
[21:03:36] <physikerwelt>	   Argument 1 passed to Monolog\Processor\WebProcessor::__invoke() must be an instance of array, null given"
[21:04:35] <paladox>	 andrewbogott ^^
[21:04:43] <mutante>	 !log ircd delete instance udpmx-01 (not used, created by me in May 2016 
[21:04:45] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Ircd/SAL
[21:07:58] <Krenair>	 physikerwelt, interesting
[21:08:21] <Krenair>	 can you file a task?
[21:09:31] <physikerwelt>	 sure will do I was hoping to make progress on 
[21:09:33] <physikerwelt>	 https://phabricator.wikimedia.org/T204509
[21:12:29] <physikerwelt>	 https://phabricator.wikimedia.org/T210669
[21:12:49] <physikerwelt>	 should I classify it as cloud or monolog task?
[21:13:30] <physikerwelt>	 I got the impression that there are two problems... 
[21:18:23] <bd808>	 physikerwelt: we had another report of that error today. I'm going to merge your report into the other one. I think the bug is in OATHAuth itself, but not 100% sure yet
[21:19:33] <andrewbogott>	 I just tried and the same thing happens to me.  It's easy to reproduce!
[21:19:44] <physikerwelt>	 bd808: thank you. Are you aware of a workaround?
[21:20:17] <bd808>	 physikerwelt: not yet sadly. It probably bad code in OATHAuth that we need to fix or revert
[21:21:32] <physikerwelt>	 ok sorry andrewbogott I did not think about that successfully reproducing this leads to being unable to access horizon...
[21:21:47] <andrewbogott>	 it's ok :)  It needs fixing soon regardless
[21:25:07] <physikerwelt>	 ok have a great day. And thanks for your amazing support
[21:31:25] <andrewbogott>	 bd808: did you merge that ticket with something?
[22:46:57] <notconfusing>	 How do I switch on nginx for my new stretch server? I.e. I have a new webproxy but I  don't know which directory nginx is resolving it to?
[23:02:19] <bd808>	 notconfusing: I'm not sure I understand your question. Are you asking how to start nginx or something else?
[23:03:14] <notconfusing>	 yes. for instance on my ubuntu serevr whgi.wmflabs.org used to point to a specific static directory. i set a new proxy whgi2.wmflabs.org to the stretch machine, but how do i tell nginx where to look? bd808
[23:03:59] <notconfusing>	 nginx seems to be running, but im not sure where the config file is to define where the traffic on port 80 should go
[23:05:03] <bd808>	 the config would be in /etc/nginx/...
[23:06:55] <notconfusing>	 bd808: i don't have such a directory on whgi.eqiad.wmflabs
[23:07:19] <bd808>	 notconfusing: I don't see nginx installed there
[23:08:03] <notconfusing>	 do i need to install nginx myself? because if i go to http://whgi2.wmflabs.org/ i see nginx already running
[23:08:34] <bd808>	 that's the reverse proxy server, not something on your instance
[23:09:02] <notconfusing>	 so should i install nginx or apache locally?
[23:09:03] <bd808>	 traffic goes internet -> proxy -> your instance
[23:09:19] <bd808>	 if you want to serve http, yes :)
[23:09:29] <notconfusing>	 ok, thanks for clearing that up
[23:10:02] <notconfusing>	 thank you bd808 i was so confused...