[00:22:10] !log tools.ia-upload Updated to latest master. T254632. [00:22:13] Logged the message at https://wikitech.wikimedia.org/wiki/Tool:IA_Upload/SAL [12:01:52] yurb: see topic, you can use !help if you don't get a response [12:02:09] Hi everyone. I'm hitting some file ownership weirdness in my tools .git directory - just a moment ago I could push to the repository, now I'm getting a permission denied [12:02:22] s/tools/tool's [12:02:36] And the .git directory has some subdirectories owned by the tool's owner (the ssh user) and some by the tool user [12:02:44] I would like all the source files to be owned by the tool owner, not the tool itself [12:02:50] (including .git) [12:02:57] Having that said I don't understand why the ownership could have been mixed up [12:03:35] I dont think we have any process automatically modifying ownership of files in homes directories yurb [12:03:57] my first guess would be that when you push you change the ownership somehow yourself [12:04:09] it could be that you push with the wrong user or something [12:05:45] yurb: I recommend you send an email to cloud@l.w.o and see if anyone else is using a similar approach and can give you hints [12:06:23] mutante: you got the message sooner that I did. I got your reply before the actual user question heh [12:06:53] arturo: thanks, I'll investigate further what could be the cause; though now my priority is fixing the ownership so I can deploy changes [12:07:33] yurb: try `chown -R user:group affected_directory/` [12:08:16] arturo: unfortunaly, neither the tool user (the one activated after I run become) nor my ssh user can change the ownership [12:08:23] I get permission denied [12:08:31] what's the tool name? [12:09:03] arturo: the tool is wikigrade, the source code resides in /data/project/wikigrade/www/python/src/ [12:09:17] the tool owner user is yurb [12:10:09] isn't this the right owner? `drwxr-sr-x 3 tools.wikigrade tools.wikigrade 4096 Jul 16 2018 www` [12:11:37] arturo: that's the tool user, yes, but I'm managing the source code as the tool's owner, yurb [12:11:59] I think you should `become wikigrade` for managing the source code [12:12:00] so to be able to push code I need everything to be yurb:tools.wikigrade [12:13:00] arturo: how do I push the code via ssh then? Is it possible to ssh directly into the tool's user? Like wikigrade@login.tools.wmflabs.org? [12:15:35] yurb: try `chmod -R g+w /data/project/wikigrade` after `become wikigrade` [12:15:44] you may be lacking the write permission for the group [12:17:12] arturo: that allowed a successful git push, thank you! [12:17:40] 🎉 [12:18:18] yurb: would you like to contribute some documentation in wikitech to describe the workflow you are using? [12:19:21] perhaps here: https://wikitech.wikimedia.org/wiki/Help:Toolforge/Version_Control_in_Toolforge#Git [12:19:22] arturo: well, it doesn't seem like the best workflow if I'm now having files owned by two users:) [12:20:19] I guess I did it that way because I wanted to be doing push-to-deploy with git [12:20:39] well, operhaps most people use a pull approach (ie, git pull from inside the tool) instead of the push based one you are doing. But I'm unsure [12:21:04] anyways, having some supporting docs won't hurt, to help others and perhaps your future self :-P [12:21:51] sure, although for a next tool I would probably use a pull-based workflow [12:23:55] ok [13:22:14] !log meet applying role::meet::accountmanager on instance meet-auth [13:22:15] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Meet/SAL [14:17:47] does anyone know of a tutorial / documentation for how to run a Python-based API using Horizon instead of Toolforge? something akin to these fantastic instructions: https://wikitech.wikimedia.org/wiki/Help:Toolforge/Web#Python_(uWSGI) [14:20:50] isaacj: here is an example how to install uWSGI using a puppet role (what you apply to instances in cloud VPS via Horizon): [14:20:53] https://gerrit.wikimedia.org/r/c/operations/puppet/+/593233/9/modules/profile/manifests/meet/accountmanager.pp [14:21:04] see line 28 ff [14:21:40] also see that gerrit change in general. it's a simple role and profile and you would write something similar and then you can apply it to instances (VMs) [14:22:02] mutante: thanks! i'll take a look. haven't worked with puppet before but the config looks simple enough [14:22:09] this one also creates a system user/group and git clones some code from a content repo [14:22:20] mutante: uhm is 'wsgi-file' => '?', intentional [14:23:08] Majavah: so far yes, because i don't know that the value should be [14:23:56] i would be happy for suggestions how to find out [14:24:04] when looking at the meet-auth instance [14:25:08] mutante: I don't have access to the meet VPS instances :/ [14:26:02] what exacly are you looking for there? the flask app entry point? [14:28:41] I think that the best place to look for would be to check Amir's screen sessions [14:29:13] Majavah: it's not documented and does not seem to be used.. it's weird [14:29:27] i see a bunch of classes setting the wsgi-file parameter [14:29:38] but i do not see the uwsgi::app class using it [14:29:57] it's a parameter.. yea.. but it's not used further in the class or a template? [14:30:07] I just pinged him away from irc [14:30:30] other things using it set that to a path to a .wsgi file ..or to a path to a .py file [14:31:44] I'm at a meeting for the next 45 minutes but we'll try to fix this ASAP [14:32:19] my guess would be that it would be used in some sort of template... its not used template('uwsgi/app.ini.erb'), i'm trying to figure out what systemd_template('uwsgi'), does [14:33:07] wait no [14:33:13] AFAIK there are several ways to define and start a uwsgi process [14:33:22] it's used in modules/uwsgi/templates/app.ini.erb [14:34:55] it's essentially the same as the --wsgi-file argument to uwsgi binary [14:35:02] uwsgi looks for app object in the python file [14:35:17] it's pretty counter intuitive if you as me. [14:36:52] based on uwsgi docs I think it just needs "${clone_path}/server.py" [14:45:19] Majavah: i think you are right. thank you! i will amend it in like 5 min... unless you want to [14:46:42] * Majavah waits patiently while running "git clone ssh://gerrit.wikimedia.org:29418/operations/puppet" [14:47:01] cloning puppet repo takes ages :/ [14:47:56] Majavah: yea.. the first time only at least [14:49:56] mutante: https://gerrit.wikimedia.org/r/#/c/604409/ [14:52:58] Majavah: thank you! this is really helpful because i'm multi-tasking another thing [14:53:09] merging it.. we cant break stuff anyways :) [14:53:20] i need to fix the git cloning next [14:53:30] the current issue is git clone -b master https://gerrit.wikimedia.org/r/wikimedia/meet-accountmanager /srv/meet-auth [14:53:37] fatal: destination path '/srv/meet-auth' already exists and is not an empty directory. [14:53:45] Majavah: fwiw, you can submit changes via the gerrit web interface. So you don't always have to clone the repos [14:54:21] "Create Change" button on https://gerrit.wikimedia.org/r/#/admin/projects/operations/puppet [14:54:52] Reedy: thanks, will remember that in the future [14:55:03] Unfortunately in gerrit it's a bit hidden [14:56:01] yeah, "let's hide this important action in the bottom of a read-only view of boring settings" [14:57:45] Amir1: moving /srv/meet-auth (empty except some dotfiles) out of the way.. running puppet again which now just cloned stuff: [14:57:48] root@meet-auth:/srv/meet-auth# git status [14:57:51] On branch master [14:57:53] client.py create_cron.sh LICENSE README.md requirements.txt server.py templates tokens.json tox.ini users_to_create.json [14:58:36] !log meet meet-auth moved /srv/meet-auth to /root, let puppet recreate it and git clone meet-accountmanager into it [14:58:38] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Meet/SAL [14:59:26] also we now have 3 instances of: [14:59:27] www-data 9294 0.0 0.7 58392 14896 ? Ss 14:57 0:00 /usr/bin/uwsgi --die-on-term --ini /etc/uwsgi/apps-enabled/meet-accountmanager.ini [15:00:00] our next problem is setting the "ticketmaster token" [15:00:34] Info: /Stage[main]/Profile::Meet::Accountmanager/Uwsgi::App[meet-accountmanager]/File[/etc/uwsgi/apps-available/meet-accountmanager.ini]: Scheduling refresh of Base::Service_unit[uwsgi-meet-accountmanager] [15:00:38] Info: Base::Service_unit[uwsgi-meet-accountmanager]: Scheduling refresh of Exec[systemd reload for uwsgi-meet-accountmanager] [15:02:55] also probably need to change the port for the reverse proxy on horizon [15:05:31] Majavah: there is "python3 server.py" listening on port 5000. but that is running since Apr29, so must be the old manual setup [15:05:43] yeah probably [15:07:27] i dont see anything else (python-like) listening yet in netstat [15:07:35] though the processes are running [15:08:40] waiting for Amir before i just kill the old process [15:41:26] * Majavah goes to eat dinner [15:56:25] mutante: sorry, let me take a quick look [16:09:36] !log admin deleting all old cloud-ns0.wikimedia.org and cloud-ns1.wikimedia.org ns records in designate database T254496 [16:09:40] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL [16:09:41] T254496: clean up old cloud-ns0.wikimedia.org and cloud-ns1.wikimedia.org ns records in designate zones - https://phabricator.wikimedia.org/T254496 [16:28:01] I copied the token and salt to /srv/meet-auth path so we can now kill the old thing [16:28:25] mutante: Majavah https://gerrit.wikimedia.org/r/c/operations/puppet/+/604434 [16:33:12] thanks. I stopped the screen and running puppet agent rn [16:35:24] Amir1: ok, just merged it and tried the same.. you got it (lock file) [16:35:51] :P [16:37:05] "ImportError: No module named secrets" [16:37:24] https://meet-auth.wmflabs.org is down now which is good (listening to the port works) [16:38:24] aah, python version :( [16:38:35] Amir1: eh.. where are we trying to use the secrets module? [16:39:16] server.py but isn't python3 enough (otherwise how it worked on my screen) [16:40:57] I didn't install a new version of python in my system [16:41:05] I think it needs another puppet change [16:42:02] Amir1: feel free to start your screen again and bring it up and we continue tomorrow or something [16:42:05] up to you [16:49:18] https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/604444 this should fix the process [16:49:54] but strangely curl 0.0.0.0:5000/create works but the meet-auth.wmflabs.org/create doesn't [16:50:30] Amir1: i would say security-groups or ferm [16:51:05] Amir1: yea, we have iptables but did not open port 5000 [16:51:17] we need to use a ferm snippet in puppet [16:51:29] to open that port to the right source IP/range [16:56:43] Amir1: merging blocked for a moment by multiple commits.. and sorry, multi-tasking stuff [16:57:03] all good, don't worry. I'm reviewing a patch atm [16:59:03] merged anyways [16:59:55] Thanks! [17:45:53] !log wiki to read-only [17:45:59] MacFan4000: Unknown project "wiki" [17:45:59] MacFan4000: Did you mean to say "tools.wiki" instead? [17:46:11] !log tools.zppixbot wiki to read-only [17:46:35] !log tools.zppixbot wiki to read-only [17:46:41] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [17:46:42] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [17:47:37] MacFan4000: include task number [17:50:13] !log tools.zppixbot git pull in public_html/wiki T255024 [17:50:15] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [17:50:15] T255024: Make ZppixBotWiki work with /wiki/ - https://phabricator.wikimedia.org/T255024 [17:53:28] !log tools.zppixbot mv wiki w T255024 [17:53:30] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [18:01:27] !log tools.zppixbot update $wgScriptPath T255024 [18:01:29] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [18:01:29] T255024: Make ZppixBotWiki work with /wiki/ - https://phabricator.wikimedia.org/T255024 [18:05:47] !log tools.zppixbot update $wgArticlePath + add RewriteRules in .lighttpd.conf and restart webservice T255024 [18:05:50] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [18:07:50] MacFan4000: https://zppixbot.toolforge.org/zppixbot/wiki is 404 not found [18:08:26] aware, looking [18:10:54] MacFan4000: status? [18:12:16] still looking [18:14:16] MacFan4000: I'm off for 20 mins [18:14:22] k [18:14:23] Please back out if you're stuck [18:27:49] !log tools.zppixbot got short URLs working after more editing of LocalSettings and .lighttpd.conf T255024 [18:27:51] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [18:27:51] T255024: Make ZppixBotWiki work with /wiki/ - https://phabricator.wikimedia.org/T255024 [18:31:06] !log tools.zppixbot remove read-only T255024 [18:31:07] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [18:33:03] MacFan4000: great! [18:33:10] Do you know what went wrong? [18:33:52] syntax on $wgArticlePath [18:34:00] forgot the /$1 at the end [18:34:42] MacFan4000: really? [18:36:17] yes [18:37:09] I haven't really had to mess with server config stuff recently, so [18:44:07] MacFan4000: please be more careful. That's about 3 in just this deployment. Changes are deployed immediately. [18:45:17] I also haven’t ever tried to configure lighttpd [18:45:51] !log tools.zppixbot auto-update@website: Synced website repo in 46.s [18:45:53] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [18:48:09] there we go [18:48:35] MacFan4000: just be careful. If you want something to do, and please be super careful, change that to use 3 decimal places properly [18:48:42] 1 decimal place [18:48:46] 3 sig figures [18:48:52] Rather than 46. [21:06:34] !log tools.zppixbot - added sitenotice for T255060 [21:06:36] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [21:06:36] T255060: RO Window for Extensions & Config review - ZppixBotWiki - https://phabricator.wikimedia.org/T255060 [21:25:57] !help my scp client is giving access denied when trying to copy files across [21:25:57] If you don't get a response in 15-30 minutes, please create a phabricator task -- https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?projects=wmcs-kanban [21:29:49] !log tools.zppixbot wiki to read-only for T255060 [21:29:52] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [21:29:52] T255060: RO Window for Extensions & Config review - ZppixBotWiki - https://phabricator.wikimedia.org/T255060 [21:30:48] !log tools.zppixbot enable category tree + set 2FA rights up, clean up LS.php - then run git pull, update.php and composer update --no-dev T255060 [21:30:50] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [21:32:01] RhinosF1: Did you get that sorted out? What scp client is it? [21:32:56] bstorm_: ForkLift and no, using vim over ssh [21:33:17] I'm not familiar with Forklift [21:34:15] I can't even find any mention of that on google via "ForkLift scp" [21:34:25] This one? https://apps.apple.com/us/app/forklift-file-manager-and-ftp-sftp-webdav-amazon-s3-client/id412448059?mt=12 [21:34:27] Ah, https://binarynights.com/ [21:34:30] does one of the more standard scp clients, like `scp` work? [21:34:32] yeah that one [21:34:46] RhinosF1: It doesn't do SCP. Do you mean SFTP? [21:34:56] Reedy: yes [21:35:06] because they're not the same ;) [21:35:58] Are we serving sftp? [21:36:00] * bstorm_ checks [21:36:19] https://wikitech.wikimedia.org/wiki/Portal:Toolforge/Quickstart says yes [21:36:22] yes [21:36:27] it used to work [21:36:37] It looks like it works from cli [21:36:43] if you've got ssh, sftp nearly always just works(TM) [21:36:57] Yeah, but I wouldn't be surprised if sftp was turned off [21:37:08] I know it can be. It is working, though from what I can tell [21:37:29] I'm guessing it's related to file permissions and groups set [21:37:40] Are you trying to sftp files into a tool? [21:37:46] Rather than your user home dir [21:37:50] Reedy: yes [21:37:55] it normally works [21:38:01] what directory? [21:38:11] Ah that will often not work directly unless the file is owned by your user [21:38:15] AntiComposite: sftp://login.toolforge.org/mnt/nfs/labstore-secondary-tools-project/zppixbot/ZppixBot/public_html/w/LocalSettings.php [21:38:36] But it looks like folks have the right idea, so I'll go back to kicking a database :) [21:40:22] -rw-r--r-- 1 tools.zppixbot tools.zppixbot 3884 Jun 10 21:36 LocalSettings.php [21:40:35] missing the group write bit [21:41:09] * RhinosF1 eyes Texas [21:42:17] RhinosF1: Huh? [21:42:20] bd808: is there a quick way to add it to every file on our toool [21:42:31] Texas: your change the other day? [21:42:44] what change? [21:42:49] I only did default.cfg [21:43:05] * Texas completely forgot about the wik [21:43:06] i [21:43:08] Texas: no you did the stuff to change access rights [21:43:15] RhinosF1: chmod -R g+w $HOME [21:43:16] Yes [21:43:23] bd808: thanks [21:43:26] RhinosF1: I will run that now [21:43:38] Texas: on both instances pls [21:44:05] k [21:44:11] * Texas needs to do that on his tools [21:44:17] !log tools.zppixbot chmod -R g+w $HOME [21:44:22] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [21:44:41] That should do it [21:46:27] lol it is so satifsfying to run that command with the verbose flag :P [21:46:35] !log tools.zppixbot-test chmod -R g+w $HOME [21:46:36] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot-test/SAL [21:46:45] git is being slow [21:46:55] so we might have a long ro [21:53:53] just composer now [21:53:57] Texas: -test as well [21:54:26] RhinosF1: I did -test [21:54:31] 16:46:35 !log tools.zppixbot-test chmod -R g+w $HOME [21:54:39] Texas: you did [21:54:46] * RhinosF1 should sleep [21:56:00] 'night [21:56:51] Texas: should not will [21:57:26] ah [22:03:24] !log tools.zppixbot rmv RO T255060 [22:03:26] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [22:03:26] T255060: RO Window for Extensions & Config review - ZppixBotWiki - https://phabricator.wikimedia.org/T255060 [22:03:33] Texas, MacFan4000: ^ [22:03:49] ok [22:09:12] !log tools.zppixbot restarting for code/config changes T255077 [22:09:14] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot/SAL [22:12:44] !log tools.zppixbot-test restarting for code/config changes T255077 [22:12:45] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot-test/SAL [22:19:00] !log tools.zppixbot-test restarting for config changes (fixing typo) T255077 [22:19:02] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zppixbot-test/SAL