[05:45:12] <wm-bot>	 !log tools.sal <root> restarted webservice (T259560)
[05:45:15] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.sal/SAL
[08:01:14] <Nemo_bis>	 To discuss development ideas about the LanguageConverter it might be useful to ask the maintainers instead. ;)
[14:11:40] <kalle>	 Hmm, this one instance has been "scheduling" for 22 hours now. Not really a problem, but I suppose it's consuming unnessecary resources? Is there some form to fill out to create a  Phabricator task or something?
[14:13:48] <Reedy>	 Something sounds wrong for sure. Just file a task and tag cloud services team and cloud-vps
[14:43:28] <kalle>	 Reedy: ok, thanks!
[15:25:28] <andrewbogott>	 kalle: we're having some db performance issues which cause actions to time out.  I'd advise deleting and recreating, unless you're unlucky it should work this time
[17:00:19] <kalle>	 andrewbogott: Ran delete some 20 hours ago, but that didn't help.
[17:04:19] <andrewbogott>	 Ok... I'm in transit but will clean things up later today
[17:06:08] <kalle>	 No worries, we don't the the resources or anything.
[17:06:27] <kalle>	 Added a bug now. T259644
[17:06:28] <stashbot>	 T259644: New instance has been scheduling for more than a day - https://phabricator.wikimedia.org/T259644
[18:24:00] <bd808>	 !log cloudinfra Made DNS entry lists.wmcloud.org A 185.15.56.49 (Tried CNAME to mailman.wmcloud.org first but Horizon didn't like that) (T259444)
[18:24:02] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Cloudinfra/SAL
[18:24:02] <stashbot>	 T259444: Request for creating a DNS record for lists.wmcloud.org to 185.15.56.28 - https://phabricator.wikimedia.org/T259444
[18:54:50] <bstorm>	 !log admin restarting mariadb on cloudcontrol1004 to setup parallel replication
[18:54:54] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL
[19:45:54] <Amir1>	 bd808: sorry but one thing, gmail gave me this: "DNS Error: 29726073 DNS type 'mx' lookup of lists.wmcloud.org responded with code NXDOMAIN Domain name not found: lists.wmcloud.org" I thought if no MX record exists, it would fallback to A type record but I might be wrong
[19:46:18] <bd808>	 nope, you need an MX
[19:47:01] <Amir1>	 :(
[19:47:12] <bd808>	 Amir1: do you only need an MX record? Or will this also be used for other things?
[19:47:18] <Amir1>	 no, just MX
[19:47:30] <Amir1>	 Thanks
[19:47:34] <Amir1>	 sorry again
[19:47:40] <Amir1>	 I bother a lot
[19:56:26] <bd808>	 Amir1: we are having some db problems that will keep me from making the MX record for a bit, but I'll update the task when it is done
[19:56:48] <Amir1>	 thanks. No worries. This can wait
[21:57:47] <bd808>	 Amir1: I think you may have been correct about not needing an MX record. I figured out that the A record I had made went missing from Designate as fallout from the db things we have going on in OpenStack right now. I recreated the record. Maybe you can run your test again?
[22:00:04] <mdholloway>	 !log deployment-prep deleted deployment-chromium01
[22:00:07] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Deployment-prep/SAL
[22:25:23] <Amir1>	 bd808: sure
[22:25:59] <Amir1>	 bd808: Actually, I don't need to
[22:26:00] <Amir1>	 https://usercontent.irccloud-cdn.com/file/01OdFPqs/image.png
[22:28:36] <Amir1>	 I need to fix the HTTPS traffic though (I need to open port 443, do the Let'sEncrypt dance, ...)
[22:29:14] <mutante>	 Amir1: are you using deployment-prep or a separate project?
[22:29:31] <Amir1>	 it's a separate project (mailman)
[22:29:44] <Amir1>	 I had done it before with meet
[22:29:50] <mutante>	 so you won't have acme-chief then
[22:30:02] <mutante>	 and the letsencrypt::cert method will fail 
[22:30:13] <mutante>	 i recommend you use the same workaround we used for gerrit
[22:30:37] <mutante>	 which is basically installing certbot and a cron
[22:30:38] <mutante>	  72         ensure_packages('certbot')
[22:30:38] <mutante>	  73         cron { 'certbot_renew':
[22:30:51] <mutante>	 then you have to manually run it once but the renewal will be automatic
[22:31:39] <mutante>	 the reason you can't use lesencrypt::certificate like in the past is  that https://gerrit.wikimedia.org/r/c/operations/puppet/+/602722  does not get merged
[22:31:54] <mutante>	 and upstream "Account creation on ACMEv1 is disabled."
[22:32:04] <mutante>	 so it still works to renew existing certs but not to create new certs
[22:32:16] <mutante>	 just trying to save you from that rabbit hole
[22:33:36] <ningu>	 ah puppet
[22:33:51] <Amir1>	 Thanks!
[22:34:11] <mutante>	 it's not puppet, it's https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430
[22:34:38] <mutante>	 Amir1: so.. install certbot package. manually run it. i did the option that just gets me the certs and does not try to edit webserver config.. copied them in place
[22:34:49] <mutante>	 then the cron does the rest 
[22:34:53] <ningu>	 mutante: is this about the version of certbot you have installed?
[22:34:58] <ningu>	 if you want to use ACMEv2
[22:35:16] <mutante>	 ningu: it's that acme_tiny.py uses ACMEv1   
[22:35:20] <mutante>	 certbot is the alternative
[22:35:27] <ningu>	 ah ok
[22:35:38] <mutante>	 fix should be https://gerrit.wikimedia.org/r/c/operations/puppet/+/602722
[22:35:53] <ningu>	 I've always just used certbot
[22:36:02] <wm-bot>	 !log tools.lexeme-forms <lucaswerkmeister> deployed 39457a18ab (Bengali adjectives and verbs)
[22:36:04] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.lexeme-forms/SAL
[22:36:13] <Amir1>	 that would fasten things up
[22:36:25] <mutante>	 ningu: yea, but the production method in the past was  letsencrypt::certificate puppet class
[22:36:35] <mutante>	 and then that was replaced with acme_chief
[22:36:48] <mutante>	 but acme_chief means you have to setup another instance in your project for it
[22:37:08] <ningu>	 acme_tiny looks useful in general, actually, but I've never had much of an issue getting certbot installed and working
[22:37:09] <mutante>	 unfortunately prod is not like cloud again 
[22:37:52] <mutante>	 ningu: it is fine for a few servers but it's a different story when it's hundreds of servers
[22:37:53] <ningu>	 and since everyone else uses certbot essentially, I just rely on it being well maintained 
[22:38:04] <ningu>	 yeah, I've only ever had a few so :P
[22:38:26] <mutante>	 the point of acme_chief is that the requests to LE are all made from a central server
[22:38:41] <mutante>	 which the gives the certs to the servers actually needing them
[22:39:03] <mutante>	 setting that up in another cloud instance to serve 1 other instance would be way overkill
[22:39:41] <ningu>	 how many cert requests are there really, though? even with hundreds of servers, you'd just need the renewal every few months and check for it once a day or whatever?
[22:39:44] <mutante>	 doing it completely manual is also bad.. so that method above was my "that's as good as it gets" to solve all that
[22:40:04] <ningu>	 no, not completely manually, I meant puppetized certbot
[22:40:12] <ningu>	 maybe that's still too disorganized though
[22:41:11] <mutante>	 https://phabricator.wikimedia.org/source/operations-software-acme-chief/browse/master/README.md
[22:43:29] <wm-bot>	 !log tools.lexeme-forms <lucaswerkmeister> <em>actually</em> deployed 39457a18ab (forgot to git rebase)
[22:43:31] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.lexeme-forms/SAL