[00:33:30] !log tools.stashbot Update to 7f1b260 public_html: update link to 'source' [00:33:33] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.stashbot/SAL [02:32:39] Hi. I was wondering the "mw" object that we have accessible in the browser console -- is there a node package which I can use for my text editor to stop complaining that "mw" is not defined? [07:15:16] !log tools.mhwikibot outage known, looking soon [07:15:18] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.mhwikibot/SAL [07:15:23] Reception123: ^ [07:15:31] thanks [07:16:43] Reception123: I’ll have to remember how to start it up [07:17:04] RhinosF1: heh, you should have some docs for next time [07:17:14] ye [07:32:11] !log tools.mhwikibot attempting recovery & check logs [07:32:13] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.mhwikibot/SAL [07:41:33] !log tools.mhwikibot TabError: inconsistent use of tabs and spaces in indentation [07:41:34] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.mhwikibot/SAL [07:47:39] Reception123: it's dead [07:47:55] Examknow: fix your bot [07:50:28] It won’t even detect settings.csv now [07:51:02] hmm k [07:51:42] Reception123: it’s gone weird. We’ll have to do maths ourseleves for now [07:51:54] !log tools.mhwikibot failed to recover [07:51:55] yeah, until EK comes back [07:51:55] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.mhwikibot/SAL [10:14:40] !log tools.zppixbot-test deploying phabricator update && a few other things on the way [10:14:43] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot-test/SAL [10:26:26] !log tools.zppixbot-test fix a mistake in starter.sh [10:26:28] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot-test/SAL [13:20:38] !log tools.zppixbot-test ZppixBot Upgrades done for today - 1 known issue - If anything crashes after now, it's not known and/or me [13:20:40] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot-test/SAL [17:43:27] !log tools.mhwikibot restart bot [17:43:29] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.mhwikibot/SAL [18:34:18] office wikitech account busy at blocking I see [19:12:08] !log tools running command to delete over 2000 tmp ca certs on tools-bastion-07 T253412 [19:12:13] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL [19:12:13] T253412: webservice 0.69+ fills /tmp with k8s ca cert files - https://phabricator.wikimedia.org/T253412 [19:22:58] !log tools.fvcbot removing /tmp/-mnt-nfs-labstore-secondary-tools-project-fvcbot-FPCBot-fpc-.lock because the filename is causing issues with shell commands [19:22:59] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.fvcbot/SAL [19:27:09] !log tools.image-metadata-viewer removing /tmp files that begin with '-' because shell commands are failing [19:27:10] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.image-metadata-viewer/SAL [20:00:42] !log tools rebooted tools-sgebastion-07 to clear up tmp file problems with 10 min warning [20:00:45] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL [20:06:11] Hi folks, sorry, I'm new to Toolforge and just trying to set up my first tool on there now - a bot. If I want to copy a binary from my toolforge user directory into the bot account, how do I do that? The take command doesn't see the file. [20:06:22] Also, is there a standard for logging things that's used by Toolforge apps, or is it just "eh, whatever"? [20:07:00] Naypta: as your user, copy the file to the tool's $HOME. Then become the tool and `take` the file [20:07:21] logging is "it depends" [20:08:01] I tend to log to stderr and let Kubernetes catch that output. Then I can `kubectl logs ` to read them [20:08:48] otherwise you can write to files directly. currently we do not have a proper log aggregation service for tools to use. [20:09:42] cheers bd808! is it necessary to use a kube container? I was just going for a binary directly running in the tool user account. also, when I try to take the file, I'm told I don't share any groups with it - do I need to assign a user group to my tool account first? [20:10:29] Naypta: running processes directly on the Toolforge bastions is not good. A bot should either use a Kubernetes pod or run as a grid engine job [20:11:14] we will find and kill your bot on the bastions at some point and leave grumpy messages on your talk page :) [20:11:57] heh, good job I asked then! it's just that it's only going to be running based on a quick cronjob, so it felt unnecessary to use containerisation - plus I've used docker but never kubernetes, so I'm slightly flying blind there! [20:12:19] Naypta: cronjobs only run on the grid engine [20:13:36] okay, just reading the wiki now, so I can use the jsub tool to run the compiled binary, and it'll just plonk .err and .out files from stderr and stdout in the calling directory right bd808? [20:14:12] Naypta: the shared group thing is a bit confusing, but any tool maintainer is a member of the "tools." group for each tool they maintain, so you should at least be able to chown the file as your user to have the group that the tool expects. [20:14:28] Naypta: yeah, that's how it will work on the grid [20:15:25] bd808, huh, I don't have permission to chown the file apparently [20:15:27] err... chgrp in that prior message, not chown [20:15:32] ah right [20:15:33] duh [20:16:21] cheers, that's worked taking the file! that's really helpful bd808 :) [20:17:02] how long is the grid engine sticking around for then? i can see the wiki page says it's being transitioned away from, so i don't wanna create infrastructure around something that's going away [20:17:11] or is that exclusively for web serving content [20:17:21] it's complicated :) [20:17:39] heh, it's a wikimedia thing, it has to be :p [20:17:43] We hope to get rid of it for webservice jobs in the next say 12 months [20:18:06] but it will likley be around for much longer for one-off things and bots [20:18:32] okay, cool, that's a bit less !!! then hehe [20:18:47] (12 months is probably ambitious too) [20:19:43] do envvars carry over to a grid engine job? [20:28:26] Naypta: no. you generally need a wrapper script to setup the environment on the grid [20:29:10] right, okay - no 12 factor api key storage for me then :( [20:29:15] sad times :p [20:30:41] is there a recommended way of doing credential storage in which case, or is it just "whatever"? [20:30:58] (sorry for all the questions, these are probably obvious to anyone who's been working with toolforge for a long time!) [20:31:11] they are good questions :) [20:31:44] credential storage is typically file based with filesystem permissions to limit access [20:32:33] on the Kubernetes cluster you could do fancier things like https://kubernetes.io/docs/concepts/configuration/secret/ [20:33:14] so, how does that work with tool accounts then? bc I'm conscious that anything I put in a tool account has the potential to be usurped if I'm not there to maintain it - doesn't that give whoever potentially usurps the account access to my bot account then too through the api key? [20:34:40] Naypta: https://wikitech.wikimedia.org/wiki/Help:Toolforge/Abandoned_tool_policy is pretty clear on that. A usurpation would have secrets removed by the trusted users handling the handover [20:35:09] "Prior to granting access to an adopting user, obvious secret information such as SUL account passwords, database passwords, and OAuth secrets should be removed from the tool's home directory. If secrets are not removed, the Toolforge Standards Committee must contact appropriate on-wiki communities such as WP:BAG and Stewards to ensure that they are informed of the forcible transfer of ownership of the existing credentials. " [20:35:14] ah, cheers [20:35:27] so i guess the answer is put it in a file labelled "SECRET PASSWORD KEY GOES HERE" :D [20:36:29] pretty much ;) I tend to do things like what is documented at https://wikitech.wikimedia.org/wiki/Help:Toolforge/My_first_Flask_OAuth_tool#How_to_add_a_configuration_file [20:36:57] a .gitignore'd config file with perms so that only the tool can read it [20:37:37] sometimes that is a .env file too for 12-factor goodness. Just depends on the project and its tool chain [20:38:19] yeah, I'm using a yaml config file atm but i feel like there's no reason for most of that to be hidden away, so a separate password file probably makes sense in this case [20:38:35] .env is tasty but I can't be arsed to implement a .env reader in golang for no reason :p [20:38:45] heh. fair [20:39:01] I'm sure there is a golang package somewhere for one [20:39:19] https://github.com/joho/godotenv [20:39:23] it even has ruby in the name <3 [20:39:36] (yes, i am a ruby stan, and no, don't [20:39:38] '@ me) [20:39:54] I try pretyt hard not to language shame :) [20:40:28] hehe :) thanks very much for all your help! it's really appreciated [20:40:44] i'm sure i'll have more knucklehead questions soon enough :p [21:21:59] !log tools.wikifile-transfer Migrate wikifile-transfer to new toolforge URL (T253404) [21:22:02] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.wikifile-transfer/SAL [21:22:02] T253404: Migrate wikifile-transfer to new toolforge UR - https://phabricator.wikimedia.org/T253404