[00:05:22] <andrewbogott>	 Krenair: great, deleting
[00:45:06] <Krenair>	 andrewbogott, done Hiera:Deployment-prep
[00:45:27] <Krenair>	 that was less disruptive than I was expecting
[00:54:53] <andrewbogott>	 Krenair: awesome, thank you!
[00:55:10] <Krenair>	 I was thinking about doing https://phabricator.wikimedia.org/T235218#5629788
[00:55:13] <andrewbogott>	 tools is the other scary one but I probably have to do that one myself
[00:55:47] <Krenair>	 I could just do something like "rsync -ar root@cloud-puppetmaster-01:/var/lib/puppet/server/ssl cloud-puppetmaster-frontend-ssl" and then back up to the new host
[00:56:02] <Krenair>	 of course this keeps copies of signed certs etc. which would get out of sync with the currently-live puppetmaster's set
[00:56:26] <Krenair>	 but maybe we can sync again when we're ready to switch over
[00:56:33] <andrewbogott>	 Yeah, we'll have to re-do the certs at the last minute
[00:57:04] <Krenair>	 oh, and I haven't put my key in the list for root@ access in that project
[00:57:51] <andrewbogott>	 so the other issue there involves geoipupdate right?
[00:57:59] <andrewbogott>	 Is that package itself actually non-free?
[00:58:11] <Krenair>	 yeah we decided to just ditch that one I think
[00:58:18] <andrewbogott>	 oh great :)
[00:58:33] <Krenair>	 IIRC the problem with it is that its only use is to get non-free data
[00:58:42] <andrewbogott>	 'k
[00:58:58] <andrewbogott>	 I'm going to go cook dinner but ping me if you get blocked by anything and I'll check back in after
[00:59:00] <Krenair>	 i.e. the MaxMind DB that is used by, for example, varnish servers to do GeoIP lookups in prod
[00:59:15] <Krenair>	 I'm going to sleep, I probably won't do anything more today
[00:59:18] <andrewbogott>	 Yeah, seems like we can live without that as long as we can make puppet happy
[00:59:23] <andrewbogott>	 oh, ok!  Have a good night, in that case :)
[11:59:38] <arturo>	 !log admin icinga downtime for 1h cloudcontrol1004, cloudnet1003, cloudvirt1017/1020/1022 for PDU operations in the rack T227542
[11:59:41] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL
[11:59:41] <stashbot>	 T227542: b7-eqiad pdu refresh (Tuesday 11/5 @12pm UTC) - https://phabricator.wikimedia.org/T227542
[13:55:28] <arturo>	 !log tools created 3 new VMs: `tools-k8s-etcd-[4,5,6]` T236826
[13:55:33] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[13:55:34] <stashbot>	 T236826: Toolforge: new k8s: initial build of the new kubernetes cluster - https://phabricator.wikimedia.org/T236826
[14:27:53] <andrewbogott>	 paladox, looks like the hiera for the 'git' project is mostly your doing — would you migrate those settings to Horizon as well?
[14:28:00] <andrewbogott>	 (And, are there other projects that are mostly yours?)
[15:01:29] <paladox>	 andrewbogott: I can though currently mobile, so will need to do that later.
[15:01:41] <andrewbogott>	 paladox: ok!  Just let me know when you finish, thanks
[15:01:52] <paladox>	 I think I’m in the planet project but doint think I have sudo for that one
[15:01:56] <paladox>	 Ok!
[16:16:42] <paladox>	 Hi, I guess it’s know that the *.wmflabs.org cert expires in 10 days?
[16:16:43] <paladox>	 I just got a warning about that
[16:19:52] <andrewbogott>	 cteam, we have a ticket for ^ don't we?  I can't find it :/
[16:20:29] <bd808>	 andrewbogott: yeah, cert is here just needs to be deployed. Let me find the ticket
[16:20:51] <andrewbogott>	 bd808: I don't need a link as long as someone is in charge of it and that someone isn't me :)
[16:20:56] <bd808>	 T237066
[16:20:57] <stashbot>	 T237066: Push renewed *.wmflabs.org certificate and new private key to cluster (expires 2019-11-16) - https://phabricator.wikimedia.org/T237066
[16:21:26] <andrewbogott>	 now why did my search string not match that...
[16:22:30] <arturo>	 I can handle that if nobody wants to :-P
[16:22:47] <andrewbogott>	 yes please!
[16:24:02] <paladox>	 Thanks bd808 andrewbogott and arturo
[16:27:37] <arturo>	 will do tomorrow in my morning
[16:44:56] <phamhi>	 !log tools restarted lighttpd based webservice pods on tools-worker-100[1-9] (T233347)
[16:45:00] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[16:45:00] <stashbot>	 T233347: Remove access.log generation from default lighttpd.conf generated by `webservice` - https://phabricator.wikimedia.org/T233347
[17:01:42] <jeh>	 !log openstack rebuild debian stretch image with latest bootstrapvz config
[17:01:44] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Openstack/SAL
[17:04:47] <phamhi>	  Hieu Pham !log tools restarted lighttpd based webservice pods on tools-worker-101[0-9] (T233347)
[17:04:48] <stashbot>	 T233347: Remove access.log generation from default lighttpd.conf generated by `webservice` - https://phabricator.wikimedia.org/T233347
[17:06:22] <Lucas_WMDE>	 phamhi: I think you need to !log that again without your name, if it was supposed to be a real log message
[17:06:33] <phamhi>	 oh ..thanks.. 
[17:06:43] <phamhi>	 !log tools restarted lighttpd based webservice pods on tools-worker-101[0-9] (T233347)
[17:06:45] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[17:34:23] <phamhi>	 !log tools restarted lighttpd based webservice pods on tools-worker-102[0-9] (T233347)
[17:34:27] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[17:34:28] <stashbot>	 T233347: Remove access.log generation from default lighttpd.conf generated by `webservice` - https://phabricator.wikimedia.org/T233347
[17:38:15] <phamhi>	 !log tools restarted lighttpd based webservice pods on tools-worker-103x and 1040 (T233347)
[17:38:19] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[18:36:31] <srish_aka_tux>	 @bd808 @bstorm_ Hi folks! I would need admin access to dashiki project https://tools.wmflabs.org/openstack-browser/project/dashiki to create a new instance for it, right? Should I create a Phab task requesting for permissions? This is for deploying the visualization dashboard https://phabricator.wikimedia.org/T226663.
[18:37:04] * arturo waves srish_aka_tux 
[18:37:15] <bstorm_>	 Hey!
[18:37:33] <bstorm_>	 That can be granted by the project admins, I think (which seems to be the analytics team)
[18:37:45] <bd808>	 srish_aka_tux: do you actually need a new instance? It looks like all the other dashboards are just a proxy pointing to the existing instance
[18:37:57] <bstorm_>	 We can do it by force as well, of course :)
[18:38:08] <bd808>	 nicer not to though
[18:40:03] <bd808>	 srish_aka_tux: I guess the TL;DR answer is that yes you would need to be a project admin to make a new instance or to setup a new proxy to an existing instance. And that the first folks to ask are the current admins for the dashiki project.
[18:40:20] <srish_aka_tux>	 OoO right! I just need a domain then :-/ What would be the process for setting that up? For deploying the dashboard to one of the existing instances, I would need admin rights, maybe?
[18:40:21] <bd808>	 If they are not responsive then you can escalate to us for help
[18:40:48] <milimetric>	 I'm responsive!  Sorry, we've just had some data issues we've been working on
[18:40:54] <milimetric>	 srish_aka_tux: I'll add you now
[18:40:55] <bd808>	 we do not generally force new admins into existing projects
[18:42:35] <milimetric>	 srish_aka_tux: what's your username on the instances?
[18:43:08] <srish_aka_tux>	 @milimetric it is srishakatux
[18:43:38] <milimetric>	 ok, srish_aka_tux you're an admin
[18:46:58] <srish_aka_tux>	 thanks @milimetric :) 
[19:08:15] <srish_aka_tux>	 @andrewbogott Hi! I just saw that you deleted this page https://wikitech.wikimedia.org/wiki/Hiera:Dashiki/host/dashiki-staging-01 and the one for prod in Wikitech. This means we no more need to add the hostname on Wikitech as we specify it while setting up the proxy in Horizon?
[19:13:56] <andrewbogott>	 srish_aka_tux: I'm afk but will catch up in 30 minutes or so
[19:14:25] <srish_aka_tux>	 @andrewbogott no problem :)
[19:23:40] <paladox>	 andrewbogott https://wikitech.wikimedia.org/wiki/Hiera:Git can be deleted now
[19:35:53] <andrewbogott>	 srish_aka_tux: I don't entirely know what's happening in that project, but that config data now lives in Horizon.  That same VM has an instance puppet tab there.
[19:36:09] <andrewbogott>	 I can't link to it because links don't work like that in Horizon but if you log in you can probably see what I mean
[19:36:12] <andrewbogott>	 paladox: thank you!
[19:40:36] <srish_aka_tux>	 @andrewbogott Okay! thanks.. 
[19:41:07] <andrewbogott>	 srish_aka_tux: we're removing those pages from wikitech as part of the (very gradual!) move away from having wikitech know things about openstack
[19:41:28] <paladox>	 yw :)
[19:45:22] <srish_aka_tux>	 @andrewbogott Yeah, I asked as they were linked from deployment instructions in here https://github.com/wikimedia/analytics-dashiki :) It seems like the on-wiki steps are needed, and the docs are outdated, but I will know more when I will do the deployment steps.  
[19:45:59] <andrewbogott>	 srish_aka_tux: web proxy management is also in horizon now
[20:48:50] <Zoranzoki21>	 Hi, I have questions related to Cloud VPS?
[20:48:52] <Zoranzoki21>	 !help
[20:48:52] <wm-bot>	 Zoranzoki21: If you don't get a response in 15-30 minutes, please create a phabricator task -- https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?projects=wmcs-team
[20:48:57] <Zoranzoki21>	 Where I can access to panel?
[20:49:16] <andrewbogott>	 Zoranzoki21: I'm not sure I know what you mean by panel, can you tell me more?
[20:49:25] <Zoranzoki21>	 managing VPS
[20:49:28] <bd808>	 I'm guessing https://horizon.wikimedia.org/
[20:50:02] <Zoranzoki21>	 It requests 2FA
[20:50:04] <bd808>	 https://wikitech.wikimedia.org/wiki/Help:Cloud_VPS#Cloud_VPS_instance_administration_and_configurations
[20:50:34] <bd808>	 Zoranzoki21: correct, 2FA on your Developer account via Wikitech is required to use Horizon
[20:53:29] <Zoranzoki21>	 Will enable
[20:56:05] <Zoranzoki21>	 Enabled, cool!
[20:57:10] <Zoranzoki21>	 Why I see tools project?
[20:57:44] <bd808>	 Zoranzoki21: because you are a member of that project
[20:58:02] <bd808>	 you are not an admin there, so you should not be able to change anything
[20:58:11] <bd808>	 if you can... file a security bug please :)
[20:58:14] <Zoranzoki21>	 Yes, it is right, but I was confused when I logged on horizon
[20:58:22] <Zoranzoki21>	 But I can't change anything
[20:58:39] <Zoranzoki21>	 Horizon is cool, I can't wait to get my VPS created :)
[21:00:18] <Zoranzoki21>	 But I believe to I will get it soon, task is assigned to bstorm_
[21:01:20] <bstorm_>	 Yup!
[21:03:54] <milimetric>	 andrewbogott: I'm not sure where in Horizon that hiera config is
[21:04:29] <milimetric>	 was looking but didn't seem obvious
[21:04:35] <andrewbogott>	 milimetric: for a project or for a single VM?
[21:05:05] <milimetric>	 uh... I believe these are per-vm, I don't know much about it other than they generated apache config sections
[21:05:46] <andrewbogott>	 milimetric: So when you say "that hiera config" I assume you're referring to a previous conversation or something?
[21:06:10] <milimetric>	 from above, srish_aka_tux was showing you some Hiera:Dashiki pages that you deleted
[21:06:10] <andrewbogott>	 Project-wide puppet config is in the 'puppet' link in the sidebar in horizon
[21:06:15] <andrewbogott>	 oh, ok
[21:06:34] <milimetric>	 ah, found it
[21:06:42] <milimetric>	 it's in the Puppet Config tab on the instance
[21:06:43] <milimetric>	 thanks!
[21:06:50] <andrewbogott>	 ah, yep
[21:07:00] <andrewbogott>	 I was getting there but couldn't remember the names of the whole tab tree to get there
[21:07:18] <andrewbogott>	 milimetric: if you want to just enter raw hiera you can scroll to the bottom and switch to 'yaml mode'
[21:07:54] <milimetric>	 ah!  cool, well, I'm not opposed to the little edit things, it's a simple enough change
[21:08:01] <milimetric>	 will just have to update the docs, thanks!
[22:12:12] <bstorm_>	 !log tools pushed docker-registry.tools.wmflabs.org/maintain-kubeusers:beta to the registry to deploy in toolsbeta
[22:12:14] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[22:23:44] <bstorm_>	 Zoranzoki21: 👋🏻
[22:23:59] <bstorm_>	 How long has it been since you stood up your VM?  I can take a look at it
[22:24:10] <Zoranzoki21>	 bstorm_: I connected now :D
[22:24:14] <bstorm_>	 Greaty
[22:24:15] <Zoranzoki21>	 With ssh -J zoranzoki21@primary.bastion.wmflabs.org zoranzoki21@srwiki-dev1.srwiki-dev.eqiad.wmflabs
[22:24:17] <bstorm_>	 *great!
[22:24:21] <Zoranzoki21>	 How I can make it easily
[22:25:14] <bstorm_>	 Generally, you can put some of that into a config file on your system in `.ssh/config`
[22:25:22] <bstorm_>	 Let me see if we have some info on that on the wiki
[22:26:06] <Zoranzoki21>	 I tried to make .config file
[22:26:09] <Zoranzoki21>	 But this happens:
[22:26:10] <Zoranzoki21>	 ssh: Could not resolve hostname srwiki-dev1.srwiki-dev.eqiad.wmflabs: Name or service not known
[22:26:15] <bstorm_>	 Ah ok
[22:27:14] <bstorm_>	 So the part you want is here: https://wikitech.wikimedia.org/wiki/Help:Access#Accessing_instances_with_ProxyJump_ssh_option_(recommended)
[22:27:38] <bstorm_>	 https://www.irccloud.com/pastebin/Ii1DctwM/
[22:28:03] <bstorm_>	 If you have the right things swapped in for <your-shell-name> then that should fix the problem
[22:28:08] <Zoranzoki21>	 Content of file: https://phabricator.wikimedia.org/F31016690
[22:28:32] <bstorm_>	 Are you on Windows?
[22:28:40] <Zoranzoki21>	 Yes
[22:28:43] <bstorm_>	 It should be `.ssh/config`
[22:28:47] <bstorm_>	 not .config
[22:29:05] <bstorm_>	 That could be it
[22:29:15] <Zoranzoki21>	 Yep, works
[22:29:24] <Zoranzoki21>	 But it should be updated in documentation
[22:29:24] <bstorm_>	 Great! :)
[22:29:50] <bstorm_>	 I'll see if I can find that typo
[22:30:13] <Zoranzoki21>	 https://wikitech.wikimedia.org/wiki/Help:Access#Accessing_public_and_private_Cloud_VPS_instances shows .config for all
[22:30:40] <bstorm_>	 I see .ssh/config so far.  Maybe I'm not finding it
[22:30:42] <Zoranzoki21>	 Oh I am wrong
[22:30:47] <Zoranzoki21>	 You are right
[22:30:52] <Zoranzoki21>	 I am sorry :/
[22:31:04] <Zoranzoki21>	 How to install some software?
[22:31:10] <Zoranzoki21>	 I can use apt-get or?
[22:32:50] <andrewbogott>	 Zoranzoki21, you want to run mediawiki there don't you?
[22:33:08] <andrewbogott>	 the usual way that happens is with https://wikitech.wikimedia.org/wiki/Help:MediaWiki-Vagrant_in_Cloud_VPS
[22:33:50] <Zoranzoki21>	 Yes, right
[22:35:18] <bstorm_>	 !log tools upgraded libpython3.4 libpython3.4-dbg libpython3.4-minimal libpython3.4-stdlib python3.4 python3.4-dbg python3.4-minimal to fix an old broken patch T237468
[22:35:22] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[22:35:22] <stashbot>	 T237468: tools-k8s-master-01 (Kubernetes API server for toolforge) has failing puppet staleness cron - https://phabricator.wikimedia.org/T237468
[22:40:59] <Zoranzoki21>	 -bash: cd: /srv/mediawiki-vagrant: No such file or directory
[22:41:13] <Zoranzoki21>	 I enabled role on horizon
[22:44:28] <Zoranzoki21>	 Ok, works.. It takes some time to create
[22:49:54] <Krenair>	 !log tools Disassociated floating IP 185.15.56.60 from tools-static-13, traffic to this host goes via the project-proxy now. DNS was already changed a few days ago. T236952
[22:49:59] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[22:49:59] <stashbot>	 T236952: Move tools-static.wmflabs.org behind project-proxy - https://phabricator.wikimedia.org/T236952
[22:50:56] <bstorm_>	 !log toolsbeta deployed the new maintain-kubeusers to toolsbeta T215531 T228499
[22:50:59] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Toolsbeta/SAL
[22:51:00] <stashbot>	 T215531: Deploy upgraded Kubernetes to toolsbeta - https://phabricator.wikimedia.org/T215531
[22:51:00] <stashbot>	 T228499: Toolforge: changes to maintain-kubeusers - https://phabricator.wikimedia.org/T228499
[23:08:11] <Krenair>	 !log tools Dropped 59a77a3, 3830802, and 83df61f from tools-puppetmaster-01:/var/lib/git/labs/private cherry-picks as these are no longer required T206235
[23:08:14] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[23:36:38] <bd808>	 Zoranzoki21: b.storm_ told me you are working through some issues getting MediaWiki-Vagrant working on your new instance?
[23:36:45] <bd808>	 Anything I can help with?
[23:38:48] <Zoranzoki21>	 http://srwiki-dev.wmflabs.org shows me 504. I made a web proxy, bstorm_ told me how to create web security group I done it
[23:39:09] <Zoranzoki21>	 Too I made cat /srv/mediawiki-vagrant/puppet/hieradata/local.yaml
[23:39:11] <Zoranzoki21>	 with content:
[23:39:16] <Zoranzoki21>	 role::mediawiki::hostname: srwiki-dev.wmflabs.org
[23:39:45] <bstorm_>	 It's doing that timeout thing, bd808...we just set up a sec group wide open on port 80 and 8080, which should fix that part of it
[23:39:58] <bstorm_>	 Not sure about the proxy setup myself (not sure I've done one)
[23:40:28] <bd808>	 hmmm... yeah I see it spinning in my browser. Let me see if I can spot anything strange about the proxy config
[23:41:14] <Zoranzoki21>	 OH, I added web security group with option edit instance in https://horizon.wikimedia.org/project/instances/
[23:42:22] <bd808>	 that's better :)
[23:42:45] <bstorm_>	 Doh!
[23:42:46] <bd808>	 now it looks like you need to run puppet inside the vagrant managed LXC container again
[23:43:08] <bd808>	 cd /srv/mediawiki-vagrant; vagrant provision
[23:43:15] <bstorm_>	 That's what it was, the security group needed to be applied to the instance.  Good thinking, <Zoranzoki21> 
[23:43:39] <Zoranzoki21>	 bd808: LXC container... You think on vagrant ssh?
[23:44:58] <Zoranzoki21>	 I run vagrant provision
[23:45:34] <bd808>	 Zoranzoki21: when you run `vagrant ...` from the /srv/mediawiki-vagrant directory on srwiki-dev1.srwiki-dev.eqiad.wmflabs, it works in basically the same way as running vagrant on your laptop. The main difference (for most people) is that instead of the wiki running inside of a Virutalbox VM, it runs inside an LXC container.
[23:46:41] <Zoranzoki21>	 Ok.. Output of vagrant provision: https://pastebin.com/XsYJQ8TE
[23:49:44] <bstorm_>	 That looks positive
[23:50:19] <bd808>	 hmmmm.
[23:50:23] <Zoranzoki21>	 Yes, right
[23:51:18] <bd808>	 I tried the full wikifarm setup for you too -- https://wikitech.wikimedia.org/wiki/Help:MediaWiki-Vagrant_in_Cloud_VPS#Run_a_wikifarm -- and I'm still seeing the "No wiki found" page which means the vhost name is not actually being used as expected
[23:52:58] <bd808>	 4th puppet run was the fix? -- https://srwiki-dev.wmflabs.org/wiki/Main_Page
[23:53:54] <Zoranzoki21>	 Lo
[23:53:55] <Zoranzoki21>	 Lol
[23:53:59] <Zoranzoki21>	 Thank you very much!
[23:55:58] <Zoranzoki21>	 How to log in>
[23:59:33] <Zoranzoki21>	 I made account via createAndPromote.php everything works, thank you for help very much!