[01:23:37] <Krenair>	 Zppix, yes
[01:23:57] <Krenair>	 changing context from default to toolforge = you're now talking to an entirely separate k8s cluster
[01:24:14] <Krenair>	 you won't be able to see both simultaneously
[01:39:18] <Zppix>	 Thanks Krenair
[01:41:59] <TheSandDoctor>	 I recently had a brand new cloud ops project created. However, just logging into horizon for the first time today, I noticed there are 3 instances already created?
[01:42:43] <TheSandDoctor>	 Is that normal?
[01:43:40] <Krenair>	 TheSandDoctor, no, what's the project name?
[01:44:25] <TheSandDoctor>	 @Krenair commons-corruption-checker
[01:44:30] <TheSandDoctor>	 https://phabricator.wikimedia.org/T241635
[01:44:43] <Krenair>	 It's empty TheSandDoctor: https://tools.wmflabs.org/openstack-browser/project/commons-corruption-checker
[01:44:52] <Krenair>	 can you give me an example of an instance you see in horizon?
[01:45:05] <TheSandDoctor>	 bastion-eqiad1-02
[01:45:26] <Krenair>	 um
[01:45:30] <Krenair>	 that won't be a part of your project
[01:45:36] <Krenair>	 that will be a part of the bastion project
[01:45:44] <Krenair>	 sounds like you logged into horizon but never switched to your project?
[01:46:28] <TheSandDoctor>	 you'd be right. I didnt realize I had to and was rather confused (never logged into horizon before)
[01:46:33] <TheSandDoctor>	 thanks @Krenair
[01:46:56] <Krenair>	 how else would it know which project you want to look at?
[05:11:14] <TheSandDoctor>	 I was happily on my vps just now and got booted off. (Closed by remote host)
[05:11:34] <TheSandDoctor>	 Now trying to reconnect gives me Permission denied (publickey)
[05:11:49] <TheSandDoctor>	 Same correct password and it passes first authentication prior to jump
[05:14:43] <TheSandDoctor>	 debug1: Authentication succeeded (publickey).
[05:14:43] <TheSandDoctor>	 Authenticated to primary.bastion.wmflabs.org ([185.15.56.13]:22).
[05:14:47] <TheSandDoctor>	 fails after that
[05:15:33] <TheSandDoctor>	 cycles through my keys and then says
[05:15:41] <TheSandDoctor>	 https://www.irccloud.com/pastebin/Sdfvl70q/
[05:30:02] <TheSandDoctor>	 !help ^
[05:30:02] <wm-bot>	 TheSandDoctor: If you don't get a response in 15-30 minutes, please create a phabricator task -- https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?projects=wmcs-team
[05:30:44] <andrewbogott>	 TheSandDoctor: I'll have a look
[05:31:31] <andrewbogott>	 TheSandDoctor: try again now?
[05:32:05] <TheSandDoctor>	 same @andrewbogott
[05:32:14] <andrewbogott>	 yep, I'm watching the logfile
[05:36:45] <andrewbogott>	 I think I'm able to reproduce the problem, investigating still
[05:37:13] <TheSandDoctor>	 ok. thanks @andrewbogott
[05:37:17] <TheSandDoctor>	 rather odd haha
[05:37:22] <andrewbogott>	 any chance you uninstalled python?
[05:37:35] <TheSandDoctor>	 I moved it and put 3.8 in
[05:37:38] <TheSandDoctor>	 that break things?
[05:37:40] <andrewbogott>	 ok, that's what broke it
[05:37:44] <TheSandDoctor>	 darn
[05:37:52] <andrewbogott>	 you can have multiple versions of python installed, no need to break the existing python interpreter
[05:37:55] <TheSandDoctor>	 so instance bricked now?
[05:37:56] <andrewbogott>	 lots of system things rely on that
[05:38:07] <andrewbogott>	 nah, I can probably reinstall python2 if that won't ruin your day
[05:38:15] <TheSandDoctor>	 no it wont
[05:38:23] <TheSandDoctor>	 thanks @andrewbogott and apologies
[05:38:41] <andrewbogott>	 https://www.irccloud.com/pastebin/rl6cOgKR/
[05:38:45] <andrewbogott>	 ^ definitely the problem :)
[05:39:14] <TheSandDoctor>	 I see
[05:39:21] <TheSandDoctor>	 lol oops
[05:39:36] <TheSandDoctor>	 didnt realize it depended on python2
[05:39:43] <TheSandDoctor>	 didnt think that that would brick anything haha
[05:39:44] <AntiComposite>	 boo
[05:41:47] <andrewbogott>	 TheSandDoctor: try now?
[05:42:12] <TheSandDoctor>	 in.
[05:42:16] <andrewbogott>	 great
[05:42:16] <TheSandDoctor>	 thanks @andrewbogott
[05:42:23] <TheSandDoctor>	 didnt think that that would break it haha - sorry
[05:42:30] <andrewbogott>	 I just did 'apt-get install —reinstall python-minimal' to get the binary put back in /usr/bin/
[05:42:34] <andrewbogott>	 no worries!
[05:43:40] <TheSandDoctor>	 @andrewbogott How did you get in without it booting you off?
[05:43:49] <andrewbogott>	 I have a root key :)
[05:43:53] <TheSandDoctor>	 :P
[05:44:02] <andrewbogott>	 it bypasses the ldap lookup (which is a python script)
[05:44:06] <andrewbogott>	 handy for cases like this
[05:44:11] <TheSandDoctor>	 definitely
[05:44:26] <AntiComposite>	 Sounds like that python script should be tested with and switched to python3
[05:44:41] <TheSandDoctor>	 hopefully that is updated to python 3 at some point. 2 is being discontinued very soon I thought(?)
[05:44:47] <AntiComposite>	 19 days ago.
[05:44:51] <TheSandDoctor>	 ^^
[05:45:10] <TheSandDoctor>	 @andrewbogott is the script public by any chance?
[05:45:17] <TheSandDoctor>	 or is that a restricted/closed thing?
[05:45:20] <AntiComposite>	 (well, kinda, there's one release left, but there's a change freeze between now and then)
[05:45:29] * TheSandDoctor might try updating if it is former
[05:45:39] <andrewbogott>	 cat /usr/sbin/ssh-key-ldap-lookup
[05:45:48] <andrewbogott>	 but it's puppetized, will be reverted if you change it
[05:45:53] <TheSandDoctor>	 :(
[05:46:08] <TheSandDoctor>	 so....someone with the permissions needs to fix it for one & all :P
[05:46:14] * TheSandDoctor nominates @andrewbogott
[05:46:15] <TheSandDoctor>	 :P
[05:46:28] <andrewbogott>	 patches for https://phabricator.wikimedia.org/T229920 welcome
[05:46:55] <TheSandDoctor>	 subscribed and I shall take a look @andrewbogott. thanks for the link
[05:47:20] <andrewbogott>	 pretty much all those scripts are in https://gerrit.wikimedia.org/r/#/admin/projects/operations/puppet
[05:47:54] <TheSandDoctor>	 thanks!
[05:47:59] * TheSandDoctor will take a look shortly
[05:48:32] * andrewbogott -> lunch
[06:08:21] <legoktm>	 !log codesearch temporarily taking everything down to free up disk space (T243121)
[06:08:24] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Codesearch/SAL
[06:08:24] <stashbot>	 T243121: CodeSearch shows unable to contact hound on visit - https://phabricator.wikimedia.org/T243121
[06:16:30] <AntiComposite>	 Took a look at the script, the only changes that need to be made are the /usr/bin/python at the top and the print statement on line 134. That and bumping pyyaml and python-ldap to a python3 version
[14:47:44] <paladox>	 https://github.com/wikimedia/operations-mediawiki-config/blob/master/wmf-config/LabsServices.php#L15 probably want to change that?
[17:41:47] <Jayprakash12345>	 !log tools.wikifile-transfer Added User Preference (T241736)
[17:41:51] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.wikifile-transfer/SAL
[17:41:51] <stashbot>	 T241736: wikifile-transfer: Add "save preference" - https://phabricator.wikimedia.org/T241736
[18:26:56] <TheSandDoctor>	 That's strange. On windows ssh-ing into my instance and using 'sudo' asks for a password, yet on mac it doesnt
[18:27:17] <TheSandDoctor>	 I dont think I have a password(?) I connect via keys
[18:27:49] <TheSandDoctor>	 nvm.
[18:27:51] <TheSandDoctor>	 that's on me
[18:27:59] <TheSandDoctor>	 for some reason it decided not to forward me
[18:31:14] <TheSandDoctor>	 ==
[18:31:22] <TheSandDoctor>	 https://www.irccloud.com/pastebin/LFketnkT/
[18:31:40] <TheSandDoctor>	 For some reason I get that on windows 10 when following https://wikitech.wikimedia.org/wiki/Help:Accessing_Cloud_VPS_instances#Windows_10
[18:35:17] <TheSandDoctor>	 Even when adding to my ssh config file the entries from that link it doesnt like it on windows (tbf though, it didnt on mac either - but the above command worked there)
[18:35:21] <TheSandDoctor>	 https://www.irccloud.com/pastebin/CuCKkIQr/
[18:48:10] <Gopa>	 Deploying VideoCutTool back-end in toolforge at https://tools.wmflabs.org/video-cut-tool-back-end/  is failing multiple times, It's a node.js tool and node version is v12.14.1. I realised toolforge is only supporting node version <=node10 got to know from https://wikitech.wikimedia.org/wiki/Help:Toolforge/Web#Running_npm_with_webservice_shell, Requesting WM Cloud services to enable to deploy nodejs tools version 
[18:48:10] <Gopa>	 12.14.1 sooner.
[19:04:20] <TheSandDoctor>	 !help
[19:04:20] <wm-bot>	 TheSandDoctor: If you don't get a response in 15-30 minutes, please create a phabricator task -- https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?projects=wmcs-team
[19:11:30] * Gopa created phab regarding this: https://phabricator.wikimedia.org/T243159
[19:14:11] <bstorm_>	 TheSandDoctor: Still having issues with Win10, or is it something else?
[19:15:19] <bstorm_>	 I haven't had any problems using my config on win10, but you have to deliberately enable the openssh agent in services.msc if you are using the agent (not always entering the passphrase for your private keys)
[19:16:59] <bstorm_>	 Gopa: thanks for the task.  We typically support what Debian has in their internal repos.  For the time being that's likely to remain the same, but we'll take a look at backports and things.
[19:18:18] <Gopa>	 bstorm_: Thanks and I wish to see our VideoCutTool back-end sooner in live :)
[19:19:33] <bstorm_>	 TheSandDoctor: if you come back, I'm interested in any info about sudo problems on this task: T205463 Just in case it has to do with more than just a random LDAP connection thing....so far, it seems to be LDAP connections and not OS/shell
[19:19:34] <stashbot>	 T205463: sudo randomly prompts for passwords in cloud instances when LDAP lookups fail - https://phabricator.wikimedia.org/T205463
[19:25:08] <TheSandDoctor>	 @bstorm_: sorry, was afk for a sec. I do have ssh enabled on windows 10 and can connect to tools just fine
[19:25:17] <TheSandDoctor>	 I just get those errors specifically with the jump
[19:25:24] <TheSandDoctor>	 It doesn’t like the second half of the command.
[19:25:58] <TheSandDoctor>	 (Also, I will be in an incident log on bastion as I thought I was on my instance and didn’t realize it didn’t connect through when I tried to sudo switch user)
[19:26:04] <TheSandDoctor>	 So my apologies on that
[19:26:07] <TheSandDoctor>	 @bstorm_:
[19:26:35] <bstorm_>	 How about using `ProxyCommand ssh -q -a -W %h:%p` instead of ProxyJump?
[19:26:59] <bstorm_>	 Ahh ok
[19:27:03] <bstorm_>	 I get what you are saying
[19:27:27] <bstorm_>	 I almost always use ProxyCommand...I thought the windows OpenSSH does ProxyJump well, but maybe it does something odd?
[19:27:45] <bstorm_>	 You have the OpenSSH Agent enabled, too, right, not just OpenSSH?
[19:28:08] <bstorm_>	 I realize my config using ProxyCommand.
[19:28:15] <bstorm_>	 *is using*
[19:29:11] <TheSandDoctor>	 Looking. One sec
[19:29:48] <bstorm_>	 I know it's the one piece that is disabled by default on Windows10.
[19:30:24] <TheSandDoctor>	 OpenSSH client is enabled
[19:30:31] <TheSandDoctor>	 dont see anything about agent anywhere
[19:30:36] <TheSandDoctor>	 nor in the available ones to add
[19:30:46] * TheSandDoctor just sees OpenSSH server
[19:30:50] <bstorm_>	 Trying WindowsKey-F and search for "services.msc"
[19:31:04] <bstorm_>	 *try...why can't I type today?
[19:31:42] <TheSandDoctor>	 OpenSSH Authentication Agent?
[19:31:46] <TheSandDoctor>	 is that what you mean?
[19:31:51] <bstorm_>	 Yeah :)
[19:31:54] <bstorm_>	 That would be it
[19:32:01] <TheSandDoctor>	 disabled
[19:32:03] <TheSandDoctor>	 huh
[19:32:06] <bstorm_>	 Enable that
[19:32:07] <TheSandDoctor>	 set to automatic?
[19:32:11] <bstorm_>	 yes
[19:32:13] <bstorm_>	 That's my config
[19:32:33] <bstorm_>	 That should make your config more like a Mac or Linux box
[19:32:53] <bstorm_>	 Then see if that affects proxy-jump (I don't recommend agent forwarding, but having an agent locally might affect that)
[19:33:06] <TheSandDoctor>	 same error for ssh `commons-corruption-checker-main.commons-corruption-checker.eqiad.wmflabs`
[19:33:10] <bstorm_>	 Ok
[19:33:35] <TheSandDoctor>	 same error also for `ssh -J thesanddoctor@primary.bastion.wmflabs.org thesanddoctor@commons-corruption-checker-main.commons-corruption-checker.eqiad.wmflabs`
[19:33:55] <TheSandDoctor>	 w/
[19:33:59] <TheSandDoctor>	 https://www.irccloud.com/pastebin/4ZDOgE17/
[19:34:35] <bstorm_>	 In that case, I'd change the .ssh/config part about that to use: `ssh -o ProxyCommand="ssh -W %h:%p thesanddoctor@primary.bastion.wmflabs.org" thesanddoctor@commons-corruption-checker-main.commons-corruption-checker.eqiad.wmflabs`
[19:34:56] <bstorm_>	 Sorry not the config...the command.  Ugh. I'm sleepy today.
[19:35:11] <bstorm_>	 Try this command instead: `ssh -o ProxyCommand="ssh -W %h:%p thesanddoctor@primary.bastion.wmflabs.org" thesanddoctor@commons-corruption-checker-main.commons-corruption-checker.eqiad.wmflabs`
[19:35:32] <bstorm_>	 Let me open windows10 and play with it as well
[19:35:36] <TheSandDoctor>	 first one worked. trying second
[19:35:40] <bstorm_>	 Ah good
[19:35:44] <bstorm_>	 They are the same command
[19:35:54] <TheSandDoctor>	 kk
[19:36:03] <bstorm_>	 Ok, so perhaps your version of ssh doesn't like ProxyJump...just ProxyCommand
[19:36:14] <TheSandDoctor>	 how would I modify the config to clean that up a bit?
[19:36:17] <bstorm_>	 I'm curious about my own version because I use ProxyCommand a lot
[19:36:19] <TheSandDoctor>	 because that's a long one
[19:36:24] <bstorm_>	 Here
[19:36:25] <TheSandDoctor>	 and how do I check my version?
[19:36:35] <bstorm_>	 ssh --version
[19:36:45] <bstorm_>	 nope
[19:36:48] <bstorm_>	 that doesn't work lol
[19:37:34] <bstorm_>	 you can ssh with the "-v" option, and it will tell you the local version string
[19:37:51] <TheSandDoctor>	 powershell I was able to find the version
[19:37:54] <TheSandDoctor>	 https://www.irccloud.com/pastebin/sXAauzhW/
[19:37:55] <bstorm_>	 On my mac it's "SSH-2.0-OpenSSH_7.9" (in the massive output that comes with sshing to something with -v)
[19:38:02] <bstorm_>	 Wow.  That's old
[19:38:03] <bstorm_>	 Ok
[19:38:06] <TheSandDoctor>	 that's windows
[19:38:10] <TheSandDoctor>	 their version
[19:38:16] <bstorm_>	 Yeah
[19:38:22] * TheSandDoctor wishes it was newer
[19:38:28] <bstorm_>	 So in your config, you'd use this
[19:38:34] <TheSandDoctor>	 but....that's microsoft for you :P
[19:38:46] <bstorm_>	 I wonder about my own version.  I think it is a later one
[19:38:52] <bstorm_>	 But I'm using "Insiders Release"
[19:39:25] <bstorm_>	 `ProxyCommand ssh -q -a -W %h:%p thesanddoctor@primary.bastion.wmflabs.org`
[19:39:33] <bstorm_>	 Instead of the "ProxyJump" line
[19:39:39] <bstorm_>	 Then you can use the config
[19:39:43] <TheSandDoctor>	 ah. I am on education and the semi annual stream. Microsoft tends to roll out versions that break everything from what I've read
[19:39:50] * TheSandDoctor is leery of the 1909 upgrade
[19:39:57] <bstorm_>	 I should add something to the doc for this
[19:40:00] * TheSandDoctor knows in the past they have bricked machines with their rollouts
[19:40:07] <TheSandDoctor>	 please do @bstorm_
[19:40:07] <bstorm_>	 Yeah, that's fair :)
[19:40:27] <TheSandDoctor>	 something like how on windows they have a stupid old version that wont work with the "modern" command
[19:40:29] <TheSandDoctor>	 :P
[19:41:15] <bstorm_>	 Yeah, I'm checking my version.  I could have sworn I had a rather recent one, but I have a lot going on in my config (including WSL2 because then I have full Linux)
[19:42:04] <TheSandDoctor>	 changing that in the config worked.
[19:42:09] <TheSandDoctor>	 thanks @bstorm_!
[19:42:09] <TheSandDoctor>	 :)
[19:42:19] <bstorm_>	 Awesome!
[19:42:45] <bstorm_>	 I'll see if I can find a version matrix so I can find out which Windows builds have which version of SSH
[19:43:51] <TheSandDoctor>	 Thanks
[19:43:59] <TheSandDoctor>	 I’d be interested in seeing that as well
[19:44:16] <bstorm_>	 Local version string for me is ` SSH-2.0-OpenSSH_for_Windows_7.7`
[19:44:29] <TheSandDoctor>	 Huh
[19:44:33] <TheSandDoctor>	 That’s different
[19:44:38] <TheSandDoctor>	 Windows_7
[19:44:45] <TheSandDoctor>	 Haven’t seen that in a while 😂
[19:45:03] <bstorm_>	 Well, this is OpenSSH 7.7, thankfully :)
[19:45:23] <TheSandDoctor>	 So I guess they update it with one of the new releases? Which version are you on?
[19:46:07] <bstorm_>	 My build is 19041.1 
[19:46:23] <bstorm_>	 But that's not a stable release
[19:46:26] <bstorm_>	 That's insiders :)
[19:47:03] <TheSandDoctor>	 That is a fair bit inside haha
[19:47:11] <TheSandDoctor>	 1909 is the latest release
[19:47:12] <TheSandDoctor>	 Haha
[19:47:35] <bstorm_>	 😁
[19:47:42] <TheSandDoctor>	 I’ve read they don’t even fix some of the major bugs in 1909
[19:48:09] <bstorm_>	 So `ssh -V` checks version.  I can add something to the doc that has you check that first and then decide on proxyjump
[19:48:37] <bstorm_>	 https://github.com/PowerShell/Win32-OpenSSH/issues/1172
[19:48:40] <TheSandDoctor>	 That’s a good idea
[19:48:58] <TheSandDoctor>	 https://www.laptopmag.com/news/microsofts-fix-for-severe-windows-10-security-flaw-isnt-installing-for-many-users
[19:49:08] <TheSandDoctor>	 They don’t roll out very well, do they?
[19:49:32] <bstorm_>	 What do you get with `ssh -V` ?
[19:49:44] <bstorm_>	 No they really do not
[19:50:16] <bstorm_>	 They were better at rollouts in the past.  It seems like they are too busy building spyware Cortana things lately :)
[19:50:25] <TheSandDoctor>	 :P
[19:50:32] * TheSandDoctor basically uninstalled Curran’s
[19:50:39] <TheSandDoctor>	 Cortana*
[19:50:48] <bstorm_>	 Yeah, I did my best. 
[19:50:56] <TheSandDoctor>	 Education edition does a lot for that too
[19:51:10] <TheSandDoctor>	 Allows a ‘0’ setting for their spyware
[19:51:16] <TheSandDoctor>	 Instead of usual ‘1’
[19:51:22] <bstorm_>	 What is the full version string on yours for `ssh -V`?
[19:51:23] * TheSandDoctor likes anti beacon
[19:51:30] <bstorm_>	 Out of curiosity.  
[19:51:32] <TheSandDoctor>	 I will look that up for you. One sec
[19:51:42] <bstorm_>	 That's cool. Makes me interested in the education edition for my kid.
[19:52:00] <bstorm_>	 Her "home" version is terrible
[19:52:39] <TheSandDoctor>	 OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
[19:53:15] <TheSandDoctor>	 but I would also recommend looking at AntiBeacon (made by same people who make spybot search & destroy). Costs some money but allows you to disable a lot of crap
[19:53:22] <TheSandDoctor>	 and you can completely uninstall cortana btw
[19:53:42] <TheSandDoctor>	 https://www.pcworld.com/article/3109900/you-can-remove-cortana-from-windows-10-but-its-tricky.html
[19:53:51] <bstorm_>	 Ok, so you are using exactly the version in that bug report here https://github.com/PowerShell/Win32-OpenSSH/issues/1172
[19:54:00] <bstorm_>	 It's 7.6
[19:54:16] * TheSandDoctor is most concerned about how win10 key logs
[19:54:21] <bstorm_>	 Heh.
[19:54:33] <TheSandDoctor>	 researchers have found it to send packets every keypress
[19:54:44] <bstorm_>	 ugh.  Yeah.  It's a nightmare
[19:54:56] <TheSandDoctor>	 that's why I load up on the antispyware
[19:54:57] <TheSandDoctor>	 :P
[19:55:40] <bstorm_>	 privacytools.io (can't really endorse, but they have some good info) points out a possibly ok binary program that tries to close privacy leaks in win10.  I've found it missed some things, but helped a bit.  I've mostly been hacking my own registry and GPOs to close stuff
[19:56:19] <TheSandDoctor>	 👍
[19:56:23] * TheSandDoctor has done same
[19:56:24] <bstorm_>	 Again, I haven't dug into source code on that program (don't think it is even open), but I was willing to test it on a VM lol
[19:56:41] <bstorm_>	 Fair :)
[19:56:47] * TheSandDoctor also did some registry edits to lower the levels
[19:56:52] <TheSandDoctor>	 They don’t make it easy
[19:56:59] <TheSandDoctor>	 But you can get level 0 with education
[19:57:08] <TheSandDoctor>	 Education is literally enterprise but rebranded
[19:57:29] <TheSandDoctor>	 And best part is that my uni gives everyone with an account a free copy
[19:57:35] <TheSandDoctor>	 Indefinite license
[19:57:36] <TheSandDoctor>	 :)
[19:58:32] <TheSandDoctor>	 @bstorm_:
[19:58:40] <bstorm_>	 Very nice
[19:58:57] <bstorm_>	 I wonder if they do that for homeschoolers?  Probably not :-D
[19:59:32] <bstorm_>	 I don't think the Foundation wants to get us Windows licenses, either.  Open source and all that.
[19:59:37] <legoktm>	 bstorm_: while you're around, do you know the answer to https://phabricator.wikimedia.org/T229920#5815022 ?
[20:01:00] * bstorm_ answers with an opinion
[20:01:06] <Reedy>	 I wonder if all of those are still needed...
[20:01:22] <Reedy>	 As versions we've upgraded from/past
[20:01:32] <bstorm_>	 We probably only need one version back for the emergency rollback that will hopefully not happen.
[20:01:37] <bstorm_>	 But we'll get to it?
[20:01:54] <bstorm_>	 We also might need some of that stuff for clients more than anything.
[20:10:38] <bstorm_>	 TheSandDoctor: I think this covers what we learned https://wikitech.wikimedia.org/w/index.php?title=Help:Accessing_Cloud_VPS_instances&diff=1851200&oldid=1850703
[20:10:40] <bstorm_>	 Thanks!
[20:11:25] <TheSandDoctor>	 Thanks @bstorm_
[20:11:27] <TheSandDoctor>	 :)
[20:11:41] <TheSandDoctor>	 11:59 AM <bstorm_> I don't think the Foundation wants to get us Windows licenses, either.  Open source and all that.
[20:11:42] <TheSandDoctor>	 Darn
[20:11:59] <bstorm_>	 😁
[20:13:31] <TheSandDoctor>	 @bstorm_: should probably be documented somewhere not to overwrite the default python install
[20:14:00] * TheSandDoctor did that last night and if it weren’t for @andrewbogott he would’ve had a bricked instance
[20:14:05] <TheSandDoctor>	 @bstorm_:
[20:15:19] <bstorm_>	 Well, that's arguably a sysadmin best practice, which we seem to mostly avoid in our docs, hoping docs elsewhere capture it, but maybe if we have a CloudVPS doc on pythonish stuff it wouldn't be a bad footnote :)
[20:15:47] <bstorm_>	 Too many OSs rely on python internally
[20:16:05] <bstorm_>	 So it's pretty dangerous on Linux or even Mac
[20:16:24] <bstorm_>	 There's probably a good spot to add it somewhere
[20:16:43] * TheSandDoctor is just used to windows where it doesn’t matter haha
[20:16:59] <bstorm_>	 You can get away with https://github.com/pyenv/pyenv
[20:17:25] <bstorm_>	 Yeah, Windows doesn't care at all. One of the few really nice things on that end.
[20:17:50] <bstorm_>	 pyenv works like rubyenv...if you've done ruby or rails stuff
[20:18:58] <TheSandDoctor>	 12:17 PM <bstorm_> Yeah, Windows doesn't care at all. One of the few really nice things on that end.
[20:19:00] <TheSandDoctor>	 100%
[20:19:10] * TheSandDoctor wishes everything was just the latest python
[20:19:11] <TheSandDoctor>	 Haha
[20:19:26] <TheSandDoctor>	 Because python2 is discontinued as of a few days ago
[20:47:59] <TheSandDoctor>	 @bstorm_: do you recommend any Debian database management tools?
[20:48:41] * TheSandDoctor knows of phpmyadmin, but hasn’t used anything else and his vps doesn’t have a floating ip
[20:49:00] <Reedy>	 I suspect very few of them are debian specific
[20:49:14] <Reedy>	 doesn't have a floating ip? so it's static?
[20:56:39] <TheSandDoctor>	 I don’t think it has a public facing ip(?)
[20:56:44] * TheSandDoctor will have to look closer
[20:56:52] * TheSandDoctor isn’t sure
[20:56:58] * TheSandDoctor isn’t used to cloud vps’
[21:00:37] <Reedy>	 You can certainly request one (you might need to give a reason)
[21:00:49] <Reedy>	 You can still do things like SSH tunneling and stuff to access it too
[21:03:09] <TheSandDoctor>	 SSH tunnelling is how I’ve been getting in as of late. Easier on the Mac than win10. Latter required some troubleshooting in here earlier @Reedy
[21:03:19] <Reedy>	 It's not
[21:03:26] <Reedy>	 I was doing it on windows with putty.. 10+ years ago
[21:03:29] <Reedy>	 You just save the config
[21:42:13] <TheSandDoctor>	 !help I umm...might've forgot to keep ssh open when I launched my instance firewall. Looks like I have to nuke it?
[21:42:13] <wm-bot>	 TheSandDoctor: If you don't get a response in 15-30 minutes, please create a phabricator task -- https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?projects=wmcs-team
[21:42:23] <TheSandDoctor>	 (allow ssh)
[21:48:50] <Reedy>	 In theory, there should be a way to pop a console shell (at least for cloud staff) to fix it
[21:56:58] <TheSandDoctor>	 @Reedy do you happen to know who here is cloud staff (other than andrew who is afk)?
[21:57:17] <Reedy>	 I suspect most of them are AFK because it's a weekend
[21:57:27] <Reedy>	 Brooke who was helping you earlier is too
[21:57:38] <Reedy>	 I would suggest just to file a task and see if someone can help
[21:57:43] <TheSandDoctor>	 kk
[21:59:50] <TheSandDoctor>	 @Reedy https://phabricator.wikimedia.org/T243161
[21:59:56] <TheSandDoctor>	 thanks for your help
[22:33:27] <andrewbogott>	 TheSandDoctor: happen to know the command to open the firewall?
[22:41:40] <Reedy>	 andrewbogott: opensesame
[22:42:16] * andrewbogott can never remember iptables syntax
[22:42:28] * andrewbogott packing for a flight so will leave this in the hands of others
[22:42:59] <paladox>	 andrewbogott i have the syntax :)
[22:43:05] <TheSandDoctor>	 @andrewbogott: sudo ufw allow ssh
[22:43:06] <paladox>	 sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[22:43:17] <TheSandDoctor>	 @paladox: nope. Not one I’m using
[22:43:21] <TheSandDoctor>	 I’m using ufw
[22:43:33] <paladox>	 yup, but that'll open it i think? At least that did with ferm.
[22:43:36] <paladox>	 you can also stop ufw
[22:43:48] <TheSandDoctor>	 @andrewbogott: I’m out at the moment so can’t confirm for a bit
[22:43:49] <paladox>	 sudo service ufw stop
[22:44:06] <TheSandDoctor>	 That too would work and allow me back in ^
[22:47:33] <andrewbogott>	 ok, done — gotta go!
[22:52:56] <TheSandDoctor>	 Thanks @andrewbogott ! It said something like “rule added” in response, right?
[22:53:03] <TheSandDoctor>	 One or two entries (either or)
[22:53:16] * TheSandDoctor will check either way when he gets home
[22:53:26] <TheSandDoctor>	 And I’ll close ticket if all’s good. Thanks again