[00:55:22] <vrandecic>	 I have a wiki running on wmcloud. Now it is getting spam. Is there a recipe how to set it up so it uses WSOAuth or sth like that to allow only users with a SUL to log in and edit?
[00:56:38] <vrandecic>	 and, maybe until then, a simpler recipe where I can say "no anonymous edits and no account creation by non-users"?
[13:25:22] <dcaro>	 !log testing ceph upgrade cookbook on cloudcephmon2002-dev (T280641)
[13:25:23] <stashbot>	 dcaro: Unknown project "testing"
[13:25:23] <stashbot>	 T280641: ceph: Upgrade to latest Nautilus/Octopus to fix CVE-2021-20288 - https://phabricator.wikimedia.org/T280641
[13:26:55] <dcaro>	 !log admin testing ceph upgrade cookbook on cloudcephmon2002-dev (T280641)
[13:26:57] <dcaro>	 xd
[13:26:58] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL
[14:06:35] <CristianCantoro>	 hi all, within the Wikipedia Community Health Metrics project we are computing several metrics about Wikipedia pages and discussions (e. g. number of reverts, length of chains of discussions, etc.) the idea is that we are doing some of these analyses for all languages and then some more in-depth analysis for a selection of languages. The point is that the DB with all metrics is several tens of GB. At the moment
[14:06:35] <CristianCantoro>	 Wikimedia Cloud, but it has just 16GB of storage.
[14:07:33] <Reedy>	 are you on a cloud vm/vps?
[14:08:33] <CristianCantoro>	 yes
[14:08:54] <CristianCantoro>	  how could we handle this? Two options come to mind:
[14:08:54] <CristianCantoro>	 1. have the possibility to attach a volume to the VPS with the database there
[14:08:54] <CristianCantoro>	 2. have a machine hosted by my institution, with the data and just the frontend on the VPS
[14:09:20] <Majavah>	 for attaching a volume see https://wikitech.wikimedia.org/wiki/Help:Adding_Disk_Space_to_Cloud_VPS_instances
[14:10:31] <CristianCantoro>	 would it be a problem requesting a volume of several tens of GBs?
[14:12:51] <Majavah>	 all projects have 80Gb quota by default, if you need more than that requests are evaluated on a case-by-case basis, if you have a reasonable need I don't imagine there being any issues
[14:18:48] <CristianCantoro>	 Majavah: thanks for the information
[14:36:06] <Cyberpower678>	 bd808: The next time we meet up in real life, I need to buy you a beer. :-)
[14:41:33] <arturo>	 Majavah: thanks for being helpful
[14:41:45] <Majavah>	 yw
[14:54:09] <godog>	 hi -- re: bullseye and VPS images, I'd be interested in testing even before bullseye is released, is providing bullseye images now-ish sth we could explore ?
[14:56:08] <arturo>	 godog: we are about to discuss that in our team meeting in 5 minutes
[14:56:26] <godog>	 arturo: hah! great timing, super efficient
[14:56:32] <arturo>	 :-)
[14:56:38] <arturo>	 will let you know
[14:56:55] <godog>	 *nod* thank you
[14:57:07] <arturo>	 godog: meanwhile, a phab task wont hurt. Something like: "Cloud: evaluate early adoption of bullseye images"
[14:58:12] <Majavah>	 I think we had some buster prerelease images, so this wouldn't be the first time fwiw
[14:58:17] <godog>	 arturo: for sure -- will do
[14:58:22] <arturo>	 Majavah: true
[15:01:10] <godog>	 tracked in T280801
[15:01:12] <stashbot>	 T280801: Cloud VPS pre-release Debian Bullseye images - https://phabricator.wikimedia.org/T280801
[16:01:13] <arturo>	 thanks!
[17:47:00] <dcaro>	 !log admin upgrading monitors and mrg nodes on codfw ceph cluster (T280641)
[17:47:05] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL
[17:47:06] <stashbot>	 T280641: ceph: Upgrade to latest Nautilus/Octopus to fix CVE-2021-20288 - https://phabricator.wikimedia.org/T280641
[17:59:30] <dcaro>	 !log admin all monitors upgraded on codfw1 with one cookbook `cookbook --verbose -c ~/.config/spicerack/cookbook.yaml wmcs.ceph.upgrade_mons --monitor-node-fqdn cloudcephmon2002-dev.codfw.wmnet` (T280641)
[17:59:34] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL
[17:59:34] <stashbot>	 T280641: ceph: Upgrade to latest Nautilus/Octopus to fix CVE-2021-20288 - https://phabricator.wikimedia.org/T280641
[17:59:36] * dcaro off
[18:33:02] <htriedman>	 Does anyone have experience programmatically changing/querying a user database from a program in Toolforge? I'm able to manually create a database following instructions on Wikitech (https://wikitech.wikimedia.org/wiki/Help:Toolforge/Database#User_databases) but my tool program keeps getting an "Access Denied" error from mysql. I tried manually
[18:33:03] <htriedman>	 changing the access permissions on my db but as a user I don't have those perms either.
[18:50:49] <Majavah>	 htriedman: what database are you trying to create/access?
[18:52:03] <htriedman>	 I've tried twice — the two db names are s54717__wdp and s54717__wdp_p
[18:55:27] <Majavah>	 and which exact step/command is failing? did it let you create the database? and which hostname are you using to connect to mysql?
[19:03:05] <bstorm>	 htriedman: in general, if you can use the defaults file of replica.my.cnf for username and password, you'll be best off. You should already have appropriate permissions to databases named like that. Ideally, your code should use the file directly.
[19:03:22] <bstorm>	 That removes at least one source of error
[19:03:43] <bstorm>	 But hostname will matter, as well as exactly how your code is set up.
[19:05:34] <htriedman>	 Right now, it fails while connecting to the database — in the error message, it says that my username is 'tools.<my tool>'@'<my IP address>'
[19:07:03] <RhinosF1>	 Use the replica.my.cnf file like bstorm said as that username isn't right
[19:07:14] <RhinosF1>	 It should be s54717 iirc
[19:07:28] <bstorm>	 It's definitely the right one one way or another.
[19:07:55] <bstorm>	 There are a few tools that have somehow had shared usernames. I have a ticket about that
[19:08:22] <bstorm>	 T278195
[19:08:23] <stashbot>	 T278195: Sort out the 5 tool accounts with strange mysql usernames - https://phabricator.wikimedia.org/T278195
[19:08:35] <bstorm>	 But the only way you get your credentials is via that file
[19:08:44] <bstorm>	 If it's wrong, please make a ticket (or ping me on that ticket)
[19:09:04] <htriedman>	 In the code, though, I'm using a .env file (Golang doesn't provide support for replica files) — I've copied the username and password into that and am constructing the DSN as username:password@tcp(hostname)/dbname
[19:10:09] <bstorm>	 htriedman: You can read the file in with golang and then use the values if you have to. I'm quite sure you can read an ini file in golang one way or another :)
[19:10:23] <htriedman>	 Yep, can do
[19:10:30] <htriedman>	 I'll give it another shot
[19:10:50] <bstorm>	 That said, if you copy the username and password into code, please be careful to set the permissions to read only so it doesn't expose them
[19:11:02] <bstorm>	 Ok, let us know how it goes :)
[19:11:47] <bstorm>	 Sorry, readonly *to the owner*
[19:12:05] <bstorm>	 They can be read write. I was mis-typing
[19:12:36] <bstorm>	 I mean, if you have a password in a code file, don't expect it to be private in Toolforge. It has to be set to permissions that are only readable by the file's owner if you want that.
[19:12:49] <bstorm>	 Using the file directly takes care of it :)
[19:14:24] <htriedman>	 Got it — as far as programmatically accessing the database hostname, should I just assume it to be tools.db.svc.eqiad.wmflabs?
[19:43:55] <htriedman>	 it worked!
[19:44:00] <htriedman>	 thanks for all the help :)
[19:48:33] <bstorm>	 Great!
[19:48:36] <bstorm>	 Good to hear