[00:00:13] The dn implies that the domain is pmtpa.wikimedia.org, but the 'associatedDomain' entry says otherwise. [00:00:17] What's with that? [00:00:50] petan: Hm? [00:00:57] Why would live need to be moved [00:01:28] johnduhart: not live [00:01:34] folder global I made inside :D [00:01:51] uh [00:01:54] :D [00:02:02] why did you touch live? [00:02:04] it would be cool to have it "global" [00:02:13] because of ^ [00:02:15] Why can't this go on a new subdomain? [00:02:33] hm... maybe it could... but I am too tired to mess up with apache config [00:02:36] I wanted to go sleep [00:02:47] Then go to sleep and I'll handle it [00:02:48] anyway the global can be moved anywhere [00:02:50] :) [00:02:51] no need to change content [00:02:57] it should work [00:03:18] one sec though [00:03:26] btw check if I enabled Flagged properly [00:03:29] in Deployment.php [00:03:30] andrewbogott: it's a subdomain [00:03:34] That's what I was about to say [00:03:38] but don't worry I'll fix it [00:03:41] huh? [00:03:43] what's wrong [00:03:45] andrewbogott: wait... [00:03:53] It's a private domain, I think. [00:04:10] But I'm confused about how that fits into the hierarchical nature of ldap. [00:04:11] andrewbogott: wait. no. I think the dc can be anything [00:04:17] petan: There "right way" would be a dblist for flagged rev wikis, but that's not completely setup [00:04:21] don't worry I'll handle it [00:04:32] ah [00:04:34] andrewbogott: it depends on what type you are using in powerdns [00:04:37] right [00:04:53] andrewbogott: tree type requires a heirarchy [00:05:03] don't forget to run updatedata [00:05:12] So if I'm creating a new domain I can just put it any damn place? [00:05:14] btw SUL doesn't work to hexmode [00:05:17] With an arbitrary parent? [00:05:17] heh [00:05:24] well, kind of [00:05:32] hexmode: What's the problem with SUL? [00:05:41] he was loosing cokies [00:05:44] take this, for instance: dn: dc=i-0000003a,dc=pmtpa,ou=hosts,dc=wikimedia,dc=org [00:05:51] associatedDomain: i-0000003a.pmtpa.wmflabs [00:05:52] petan: Odd, I'll tinker with it [00:06:08] petan: Probably just missing some entries so it doesn't autologin [00:06:15] btw I reconfigured memcached to use all memory on nfs [00:06:16] johnduhart: I created a user ("hexmode-test") on commons after logging out of sul with MarkA... [00:06:20] dc=pmtpa has an associated domain of pmtpa.wmflabs [00:06:21] hm... [00:06:31] johnduhart: I saw that the user was created [00:06:37] entries under that domain must be located under that domain [00:06:38] johnduhart: and I was logged in [00:06:53] johnduhart: but when I clicked on the new messages line [00:07:08] johnduhart: the upper right showed that I was logged out again [00:07:18] hrm [00:07:34] hexmode: Is this consistent [00:07:38] Huh, ok. So to find the appropriate parent for a given new domain... [00:07:59] johnduhart: it keeps happening with that user, but I am able to log in with MarkA... [00:08:04] you search for the fully qualified domain name [00:08:23] I search for the fully qualified domain name of the parent, in the associatedDomain field [00:08:25] ? [00:09:28] So, e.g. creating foo.bar.baz.com, I search for associatedDomain=bar.baz.com, and use whatever DN comes up as the parent for my new record [00:09:38] I think all domains can be in the base [00:09:45] Ryan_Lane: Did you finish reviewing the config btw? [00:09:57] entries under that domain need to be underneath that [00:10:01] johnduhart: no [00:10:06] k just checking [00:10:23] Ryan_Land, is what you're saying different from what I just said? [00:10:33] heh [00:10:38] Oh, you're just saying, plus, if I don't find anything, just create the new domain in the base. [00:10:44] yes [00:10:49] wait [00:10:59] I think if it's a domain, you always use the base [00:12:18] !ep gdsfg | petan [00:12:18] petan:http://etherpad.wikimedia.org/gdsfg [00:12:18] I don't think so [00:12:19] booting :o [00:12:20] dc=foo,dc=pmtpa,ou=hosts,dc=wikimedia,dc=org' [00:12:21] * andrewbogott looks for examples in the db [00:12:22] damn! [00:12:22] wait. maybe it is. [00:12:27] let me look up the documentation [00:13:28] welp, I can't find any examples to contradict what you're saying, but it seems wrong for it to not be hierarchical. [00:13:37] it seems that my entries do indeed show heirarchy [00:14:04] ok... [00:14:14] though I actually only have one soa record [00:14:48] that doesn't seem right [00:15:52] !t gdsfg | petan [00:15:52] petan: gdsfg [00:15:53] dn: dc=wikiversity,ou=hosts,dc=wikimedia,dc=org [00:15:53] sOARecord: virt1.wikimedia.org hostmaster@wikimedia.org 20111022000607 1800 36 [00:15:53] 00 86400 7200 [00:15:53] associatedDomain: wikiversity.wmflabs.org [00:15:55] all domains are in the base [00:15:59] finally [00:16:07] this makes sense, actually [00:16:13] in this mode [00:17:22] when you do a lookup, it'll take the fully qualified name and walk recursively up the tree [00:17:28] by doing searches [00:18:03] OK. So, if I want two domains, foo.pmtpa.wmflabs and foo.pmtpa.wikipedia.org, what are their respective fqdns? [00:18:25] so, en.wikipedia.deployment.wmflabs.org -> dn: dc=*,dc=deployment,ou=hosts,dc=wikimedia,dc=org [00:18:48] then it walks up the tree: dc=deployment,ou=hosts,dc=wikimedia,dc=org [00:19:04] dn: dc=deployment,ou=hosts,dc=wikimedia,dc=org [00:19:04] sOARecord: virt1.wikimedia.org hostmaster@wikimedia.org 20120108222553 1800 36 [00:19:04] 00 86400 7200 [00:19:15] associatedDomain: d.wmflabs.org [00:19:19] hah. that's broken [00:19:21] * Ryan_Lane goes to fix that [00:19:25] anyway, it still works [00:19:33] basically it finds the domain, and gets the SOA entry [00:20:12] Uhoh, I'm more confused than ever. [00:20:42] heh [00:20:52] so, for the two domains you meantioned [00:21:56] the problem I currently have is that I don't ensure two different domains have unique DCs [00:22:03] but I think the DCs can be anything [00:23:13] dc=foo,ou=hosts,dc=wikimedia,dc=org [00:23:31] associateddomain: foo.pmtpa.wikipedia.org [00:23:50] then entry.foo.pmtpa.wikipedia.org would be: [00:24:09] dc=entry,dc=foo,ou=hosts,dc=wikimedia,dc=org [00:24:29] associateddomain: entry.foo.pmtpa.wikipedia.org [00:24:46] and foo.pmtpa.wmflabs? [00:24:49] I'm wondering if it's fine to use the FQDN of the domain in the DC [00:25:24] thats the problem. foo here would be an issue [00:25:32] lemme look at the docs [00:26:36] seems the DC doesn't matter [00:26:50] "The "dc" attribute can be set to any value in simple or strict mode - this doesn't matter." [00:27:10] so, we should use the FQDN as the dc entry for the domain [00:27:31] dc=foo.pmtpa.wmflabs,ou=hosts,dc=wikimedia,dc=org [00:27:37] And that means that I don't care if there are already entries for a parent domain, right? [00:27:39] associateddomain: foo.pmtpa.wmflabs.org [00:27:44] yep [00:27:54] As long as I verify that there aren't any exact matches in associatedDomain [00:28:02] yes [00:28:09] Easy enough. [00:28:15] and if you name things this way, you can actually just check the entry directly [00:28:28] And your code already doesn't care about dn, so I won't break anything by using a different scheme? [00:28:43] (me is confused about terminology, dn vs dc) [00:28:59] my code does not care about dn, no [00:29:07] Great. [00:29:19] I'm likely going to need to change our entries, though [00:29:20] OK, this will be simple to implement; we'll see if it works. [00:29:25] lemme test to make sure this works [00:29:28] ;) [00:31:15] bah. nova-production1 is broken [00:31:49] ah. right. dnsmasq is running, so pdns is dead [00:33:52] I really need to make a multi-node install [00:34:22] oh. it isn't even installed [00:34:24] * Ryan_Lane groans [00:34:45] dear production testing [00:38:56] Ryan_Lane: Is there some sort of page detailing the current status of testlabs [00:39:29] johnduhart: probably not [00:39:46] what kind of status were you looking for? [00:40:02] Like what needs to be done, where are we now [00:40:06] oh [00:40:08] yes [00:40:22] http://www.mediawiki.org/wiki/Wikimedia_Labs#Roadmap [00:40:45] under "create clone of production cluster" [00:40:49] is that the part you are looking for? [00:40:57] andrewbogott: it works. I just tested it [00:40:59] yup [00:41:20] ryan_lane: OK. I'll run some code by you in a few minutes to make sure I'm understanding what you're saying. [00:43:27] andrewbogott: http://pastebin.com/Dp8pFtxs [00:44:19] now I *really* wish I would have done it this way to begin with :D [00:44:32] oh well, easy enough to refactor [00:45:04] At the moment, will things break if someone causes a name collision? [00:45:16] no, it won't create the domain [00:45:22] it'll just error out on them [00:45:46] probably :D [00:46:09] I'm the only one creating domains right now [00:46:26] I'm really glad this code is getting moved out of OSM [00:49:01] Ryan_Lane: This is what you'd expect, roughly? http://pastebin.com/iGYHikcx [00:51:27] yep [00:51:42] I love python [00:51:55] that's so much neater and concise than what I have to do in php. heh [00:52:19] It's also a first draft. It'll become convoluted eventually :) [00:53:00] heh [00:55:05] my DNS code became convoluted really, really quick. that's partially because I didn't directly have access to nova info, though [00:55:36] so some things were slightly harder. [01:01:50] If a domain has subentries, and the user requests that the domain be deleted... would you prefer that it automatically clear out leaves, or that the delete fail until the user explicitly deletes leaves one by one? [01:02:07] Can't think of the use cases for this. [01:03:09] 01/11/2012 - 01:03:09 - Creating a home directory for danny_b at /export/home/bastion/danny_b [01:04:08] 01/11/2012 - 01:04:08 - Updating keys for danny_b [01:04:31] andrewbogott: if a domain is to be deleted, the leaves must be deleted [01:04:49] oh [01:04:51] hm [01:05:01] delete all [01:05:15] don't fail [01:05:17] ok. [01:05:28] this may actually be a good flag to set [01:05:32] so that people can choose [01:05:54] but… I'd say let's ignore that for now [01:05:59] if someone else wants it, they can add it [01:06:29] we should specify the api behavior as well. deletion of domain deletes all subentries [01:12:09] 01/11/2012 - 01:12:09 - Updating keys for danny_b [01:19:31] !terms | Danny_B|backup [01:19:31] Danny_Bbackup: https://labsconsole.wikimedia.org/wiki/Terminology [01:19:47] heh. the bot stripped your | [01:20:03] !projects [01:20:03] https://labsconsole.wikimedia.org/wiki/Special:Ask/-5B-5BResource-20Type::project-5D-5D/-3FMember [01:21:28] petan: tell to your bot that i am really really disappointed by its behaviour... stripping my pipe, tssss... what a dare! [01:26:48] :D [01:30:03] I so just didn't add this channel to my autojoin list.... yearly irssi restart done though! [01:30:57] Ryan_Lane: can I access the production search machines ? [01:31:16] umm... [01:31:32] oren: let me ask the team. [01:31:38] sure [01:31:48] in general we are trying to not give out shell [01:31:56] I know [01:32:03] though pdf and search have always been oddballs there [01:32:16] I just want to look around at this point [01:32:22] * Ryan_Lane nods [01:32:28] We should just get root on everything, no access issues there :P [01:32:33] heh [01:32:37] in labs, sure, why not [01:33:14] production is problematic [01:33:29] the problem at this point is that the docs don't relay explain what is happening in production [01:33:50] at least not as clearly as I'd like [01:33:54] yeah [01:34:44] I'd like to ask Rainman some stuff but I don't know what ... [01:41:24] !log deployment-prep setup flagged revisions [01:41:25] Logged the message, Master [01:44:12] !log deployment-prep updated databases and interwiki [01:44:13] Logged the message, Master [02:28:40] !log deployment-prep Moved config to http://config.deployment.wmflabs.org/viewfile.php?file=CommonSettings.php [02:28:41] Logged the message, Master [02:42:22] RECOVERY Total Processes is now: OK on cantlogin cantlogin output: PROCS OK: 95 processes [02:43:12] RECOVERY dpkg-check is now: OK on cantlogin cantlogin output: All packages OK [02:43:52] RECOVERY Current Load is now: OK on cantlogin cantlogin output: OK - load average: 1.29, 0.51, 0.18 [02:44:32] RECOVERY Current Users is now: OK on cantlogin cantlogin output: USERS OK - 0 users currently logged in [02:45:32] RECOVERY Disk Space is now: OK on cantlogin cantlogin output: DISK OK [02:46:02] RECOVERY Free ram is now: OK on cantlogin cantlogin output: OK: 73% free memory [02:48:40] there's a node called cantlogin?! [02:50:25] * johnduhart shurgs [02:51:17] did LDAP break or something? [02:51:26] why do you ask? [02:51:30] it won't even let me view my own ssh keys [02:51:32] https://labsconsole.wikimedia.org/wiki/Special:NovaKey [02:51:40] No Nova credentials found for your account. [02:51:40] There were no Nova credentials found for your user account. Please ask a Nova administrator to create credentials for you. [02:52:01] works for me [02:52:04] log out and log back in [02:52:09] though it's weird you hit that bug [02:52:12] I fixed it [02:52:14] i knew you were going to say that... [02:52:21] wasn't just that page [02:52:21] I guess there's another mediawiki bug around somewhere [02:52:25] I know [02:52:34] mediawiki has somehow fucked up your session [02:52:36] A bug? In MediaWiki?!? [02:52:43] * johnduhart refuses to believe [02:52:55] well, this is a bug in mediawiki that screws up ldap auth [02:53:05] Ryan_Lane: is that mediawiki sending sessions -> memcached? [02:53:15] because it unsets or resets the domain session variable [02:53:21] jeremyb: no [02:53:25] woot, it likes me again! [02:53:33] it's a mediawiki bug. has nothing to do with memcache [02:53:35] vanilla php sessions? [02:53:42] we're using memcache [02:53:46] ok [02:53:49] I just explained what the problem is.... [02:54:13] if the explanation is "because it unsets or resets the domain session variable" idk what that means [02:54:23] but it's not important [02:54:26] to me at least :) [02:54:55] how'd class go? [02:55:11] can OSM interface msgs have SMW queries in them? [02:55:43] class was fine [02:55:58] which interface messages, and why would they need to? [02:56:46] 03 23:09:22 < jeremyb> can {{int:openstackmanager-rebootinstancequestion}} contain a semantic query? [02:56:54] 03 23:09:32 < jeremyb> https://labsconsole.wikimedia.org/wiki/MediaWiki:Openstackmanager-rebootinstancequestion [02:57:06] resurrecting from 7 days ago :) [02:59:55] and the answer for why was so that you could display extra info. like instance's symbolic name and project name not just what's essentially a meaningless primary key [03:00:32] anyway, that's just an example [03:05:00] hrmmm, someone changed Discussion to Talk for at least ns1 and that threw me for a loop [03:05:19] (saw different tabs depending on whether i was ssl'd. both logged out) [03:05:25] hard refresh fixed it [03:09:57] [[Bastion//Documentation]] and [[Bastion/]] have too many / ? [03:10:25] and for that matter [[/Documentation]] [03:12:04] huh, must be related to [[Form:Nova Project Documentation]] [03:19:22] !log deployment-prep Added production commons to ForeignFileRepos http://en.wikipedia.deployment.wmflabs.org/wiki/File:BradPittBAR08.jpg [03:19:23] Logged the message, Master [03:25:13] wtf [03:25:30] Ryan_Lane: My depops LDAP group just went poof? [03:25:40] eh> [03:25:47] where? [03:26:05] did you manually add it? [03:26:13] Nevermind [03:26:23] Something on -test is just whacky [03:30:01] oh [03:30:20] maybe my 1.18 was outdated [03:30:33] nope [03:30:47] what's depops? [03:30:59] jeremyb: Group for deployment-prep people [03:31:00] whoops [03:31:43] * Damianz throws Ryan_Lane a can of whoops [03:32:07] I was in the wrong channel :) [03:33:27] lol, I'll just go back to beating puppet to death with a crowbar then. [03:33:42] Ryan_Lane: so, whatchya think about interface msg question? [03:34:43] jeremyb: ah [03:34:44] I see [03:34:54] probably could [03:35:05] but the extension doesn't actually require SMW, right now [03:35:11] orly [03:35:21] no. that's totally optional [03:35:50] so then if not SMW how are node properties remembered? [03:36:01] i thought the node's page was teh only place they were recorded [03:36:25] anyway, i'm running away momentarily [03:38:32] PROBLEM Disk Space is now: CRITICAL on cantlogin cantlogin output: DISK CRITICAL - free space: / 0 MB (0% inode=20%): [03:38:49] 11 02:48:40 < jeremyb> there's a node called cantlogin?! [03:39:54] aha, instancecreator_username=Hashar https://labsconsole.wikimedia.org/wiki/Nova_Resource:I-000000dd [03:41:03] ok, well nacht [03:49:17] Oooh siny I appear to have nova credentials. [04:15:51] are you guys really having that issue again? [04:15:52] wtf [04:16:09] I wonder if I somehow reverted my change [04:16:26] Nope, I had it last week but it works now! Well works to the point I can see instances but do nothing with them :P [04:16:36] heh [04:16:47] no. my fix is still there [04:16:59] Does it start with // DIE MEDIAWIKI? [04:17:03] heh [04:17:06] it should [04:18:13] I'm clearly bored as my desktop now has ruby installed, not that I'm any closer to figuring out if puppet is worth this hastle. [04:21:09] 01/11/2012 - 04:21:08 - Creating a home directory for yaron at /export/home/bastion/yaron [04:21:49] hahaha [04:21:51] ruby sucks [04:22:09] 01/11/2012 - 04:22:09 - Updating keys for yaron [04:22:35] Indeed it does, the hastle of ruby makes me dislike puppet and I've only configured it for one node :( [04:29:15] +1 [04:29:18] trust me. I know [04:29:21] we hate puppet [04:29:25] but the alternative is chef [04:29:33] and guess what it's written in? :) [04:30:00] I started out along the lines of cfengine but it kinda sucks for doing anything more logicall than please put file from x to y and make sure its perms are xxx. [04:36:49] yeah [04:36:59] well, there's also juju now [04:37:08] but it doesn't really do what I'd like either [04:37:23] scary stuff http://www.reddit.com/r/hardware/comments/oae0u/adventures_in_a_datacenter_run_by_apes/ [04:37:33] I really just want a non-shitty, written in python, version of puppet [04:37:37] that has some iteration [04:37:52] and has the ability to run some actions for everything on the server, and others on the client [04:38:51] :D [04:38:58] it's our datacenter! [04:39:09] rob would kill me if he saw me say that [04:39:15] haha [04:39:20] because he keeps our datacenter beautiful [04:39:40] I have a slightly annoying setup where there are say 5 types of servers, each has their own policies and can't access the files for the other types /or/ the list of hostnames :( Which means extending nodes from nodes as far as I can tell just isn't going to work due to the face all those manifests are downloaded to the client *sigh* [04:39:40] From the pictures I see I agree :) [04:40:56] well, you can use exported resources [04:41:09] but you'll need a database of some variety [04:41:20] Holy sh**, his temps is a good way to kill hardware. [04:42:18] heh [04:42:28] "the network was drowning in broadcast traffic. The CEO's solution was to disable spanning tree on all the switches, because it "causes uneeded overhead."" [04:42:50] so, new thing I'm working on: https://labsconsole.wikimedia.org/wiki/Special:Ask/-5B-5BResource-20Type::project-5D-5D/-3F/-3FMember/-3FDescription/mainlabel%3D-2D [04:42:57] descriptions for all projects [04:43:06] as well as documentation [04:43:09] Hmm a database on the master node or the clients? There will be (when I finish writing it) a db of the hosts, which will also list things like their puppet class. Debating betwean just dumping those out into pp files or using the puppet exec db thing that it uses for ldap. [04:43:09] https://labsconsole.wikimedia.org/wiki/Nova_Resource:Bastion [04:43:12] on the project page [04:43:25] oh get out of here with your semantic crap ;) [04:43:30] :) [04:44:46] Oooh shiny, red links urgh :P [04:44:49] yeah [04:44:56] I'm going to make OSM populate all of them [04:45:02] I haven't gotten to that yet [04:45:13] o.0 [04:45:24] Wth at the "This property is special" hover box thing. [04:45:31] where? [04:45:58] I'm not seeing this [04:46:04] Hover over "Modification date" on the resource page. [04:46:08] ah [04:46:29] basically it's saying it's prepopulated [04:46:38] err [04:46:42] automatically generated [04:47:34] hm. I need to make the project pages set __NOEDITSECTION__ [04:48:23] oh. I can do that in the template [04:53:06] I can't transclude in __NOEDITSECTION__? [04:55:31] * Damianz thinks he might hate php [04:59:21] Ryan_Lane: [04:59:27] Ryan_Lane: Try includeonly? [04:59:32] tried :( [04:59:37] hm [05:00:10] __NOEDITSECTION__ [05:00:22] Hacks like that are used alot, try ut [05:00:25] haahah [05:00:53] nope [05:01:08] Daern [05:51:22] hexmode: Don't import file pages on commons unless the file gets uploaded as well [05:51:30] Otherwise this happens: http://commons.wikimedia.deployment.wmflabs.org/wiki/File:P14.png [05:53:15] what are you talking about? (But I did upload a few images from one category) [05:53:35] johnduhart: I'm not seeing the issue with that page... halp? [05:54:02] hexmode: Content is duplicated and it's weird [05:54:27] Not a major issue just, eh [05:54:30] oh, yeah, I see now [05:55:09] just got excited about helping someone test commons... [05:55:20] heh that's okay :) [05:55:36] johnduhart: is it using instantcommons... is that how the dupe stuff happens? [05:56:15] Yeah, I added instantcommons to all of the wikis so we get images instead of a load of redlinks [05:56:26] Our commons has prioirty however [05:56:54] sure [05:56:58] makes sense [08:38:56] Ryan_Lane: Hi [08:39:06] hi [08:39:18] I am at work now, but can help out :) [08:40:24] well, look at the proposals list, and pick something out [08:40:38] ok. [08:40:51] * Damianz picks initialize skynet [10:48:31]