[00:04:30] <Ryan_Lane>	 saper: it's a self-signed
[00:05:46] <saper>	 yeah but it's needed to set up curl
[00:05:49] <saper>	 found in puppet
[00:06:22] <saper>	 it should be served by apache which reminds me of https://bugzilla.wikimedia.org/show_bug.cgi?id=35709
[12:01:27] <wm-bot>	 Change on 12mediawiki a page Developer access was modified, changed by Kaboomki link https://www.mediawiki.org/w/index.php?diff=570852 edit summary: 
[14:10:20] <Hydriz>	 !log incubator Deleted incubator-bot0, inaccessible for a period of time...
[14:10:29] <Hydriz>	 crash...
[14:11:55] <Hydriz>	 !log incubator Deleted incubator-bot0, inaccessible for a period of time...
[14:11:56] <labs-morebots>	 Logged the message, Master
[14:12:12] <Hydriz>	 !log bots Fixed morebots.
[14:13:02] <Hydriz>	 !log bots Fixed morebots.
[14:13:23] <jeremyb>	 who knows about switching which botbrain a channel uses?
[14:14:04] <jeremyb>	 saper: no, that bug was wrong
[14:14:22] <jeremyb>	 gerrit.wikimedia.org is probably misconfigured right now
[14:14:38] <jeremyb>	 let's not misconfigure any others
[14:15:20] <saper>	 which bug?
[14:15:39] <jeremyb>	 10 00:06:22 < saper> it should be served by apache which reminds me of https://bugzilla.wikimedia.org/show_bug.cgi?id=35709
[14:15:55] <saper>	 jeremyb: it's only a slight misconfiguration
[14:16:08] <saper>	 a
[14:16:10] <saper>	 ah
[14:16:14] <saper>	 you mean wrong cert altogether
[14:17:35] <jeremyb>	 no, i mean the root cert should just be not served at all
[14:18:07] <saper>	 gerrit is misconfigured in a way that SSLCACerificateFile argument points to an unrelated CA certifiate
[14:18:16] <saper>	 I think we've had this discussion before
[14:18:46] <jeremyb>	 yes we have. idk what you mean though
[14:18:57] <jeremyb>	 i don't particularly want to have the discussion again now though
[14:19:03] <saper>	 I think it should be; (1) I could fetch it from the SSL and store as trusted (2) we are now entering an era where SSL clients will check against "last good known certificate" and not necessarily one from the CAs
[14:19:32] <jeremyb>	 what do you mean era?
[14:19:37] <jeremyb>	 which clients?
[14:20:30] <saper>	 https://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/?include_text=1
[14:49:31] <jeremyb>	 saper: can't we just all use monkeysphere please?
[14:49:32] <jeremyb>	 kthx
[14:50:53] <saper>	 jeremyb: would be great... 
[14:50:58] <saper>	 but spki was fine
[14:51:04] <jeremyb>	 idk that one
[14:51:42] <saper>	 actually afair key pinning and other proposals kind of use some spki ideas
[17:22:00] <adminxor>	 !log syslog-collection test
[17:22:37] <adminxor>	 logging bot is still not fixed i guess?
[18:21:41] <MichaelShavlovsk>	 Hi Ryan_Lane, I allocated IP adress to for the instance where I installed  mediawiki and extension. I cannot access it from the Internet. I think the problem is with DNS. Here is details. If i type ip address in the prowser then I have access to default index.html in /var/www. If I type ip_address/mediawiki then address line in the browser changes to "http://i-0000039e.pmtpa.wmflabs/mw/index.php/Main_Page" and "Firefox 
[18:21:41] <MichaelShavlovsk>	 can't find the server at i-0000039e.pmtpa.wmflabs", and I cannot access default index.html in /var/www by typing i-0000039e.pmtpa.wmflabs in the address line. If I use socks proxy then I can access the mediawiki. I think the problem is with DNS, but I don't know what should I do to fix it. Any ideas?
[18:26:48] <Ryan_Lane>	 MichaelShavlovsk: did you associate it with an instance?
[18:26:55] <MichaelShavlovsk>	 yes
[18:26:56] <Ryan_Lane>	 did you give the ip a host name?
[18:27:01] <MichaelShavlovsk>	 yes
[18:27:09] <Ryan_Lane>	 which project is this?
[18:27:19] <MichaelShavlovsk>	 blamemaps
[18:27:28] <MichaelShavlovsk>	 host name is blamemaps.wmflabs.org
[18:27:30] <Ryan_Lane>	 oh
[18:27:44] <Ryan_Lane>	 it's pingable
[18:28:03] <Ryan_Lane>	 you don't have a security group rule that allows 80 and 443 port access from the outside world
[18:28:35] <MichaelShavlovsk>	 i did security group for 80 port
[18:28:46] <MichaelShavlovsk>	 hmm
[18:28:50] <Ryan_Lane>	 it works for me
[18:29:03] <Ryan_Lane>	 http://blamemaps.wmflabs.org/
[18:29:12] <Ryan_Lane>	 I got an "It works!" page
[18:29:31] <MichaelShavlovsk>	 yes it works, but what about blamemaps.wmflabs.org/mediawiki
[18:29:41] <MichaelShavlovsk>	 I cannot access it
[18:29:44] <Ryan_Lane>	 ah
[18:29:49] <Ryan_Lane>	 it's trying to redirect to the instance name
[18:29:54] <MichaelShavlovsk>	 yes
[18:29:58] <Ryan_Lane>	 you need to change the site name in the mediawiki config
[18:30:03] <Ryan_Lane>	 err
[18:30:04] <Ryan_Lane>	 the url
[18:30:08] <Ryan_Lane>	 otherwise it'll redirect
[18:30:47] <MichaelShavlovsk>	 I see, it is mediawiki changes the name
[18:31:00] <MichaelShavlovsk>	 is it in LocalSettings.php?
[18:34:47] <Platonides>	 Ryan_Lane/mutante, can you add a public ip to the gitolite project?
[18:34:53] <Ryan_Lane>	 sure
[18:35:00] <Ryan_Lane>	 MichaelShavlovsk: yes
[18:36:32] <mutante>	 !log gitolite raised IP quota to 1
[18:36:32] <labs-morebots>	 gitolite is not a valid project.
[18:38:16] <MichaelShavlovsk>	 Ryan_Lane: thanks, it works now
[18:38:22] <Ryan_Lane>	 great
[18:41:18] <Ryan_Lane>	 !log gitolite raised IP quota to 1
[18:41:19] <labs-morebots>	 gitolite is not a valid project.
[18:41:59] <Ryan_Lane>	 !log gitolite raised IP quota to 1
[18:41:59] <labs-morebots>	 gitolite is not a valid project.
[18:42:19] <Ryan_Lane>	 weird
[18:43:09] <Ryan_Lane>	 it's pulling ldap entries
[18:43:12] <Ryan_Lane>	 but not gitolite
[18:48:02] <Ryan_Lane1>	 Platonides: which project do you really mean?
[18:48:18] <Ryan_Lane>	 Platonides: because there's no gitolite project
[18:48:25] <Ryan_Lane>	 !log testing test
[18:48:47] <Ryan_Lane>	 !log testing test
[18:48:56] <Ryan_Lane>	 labs-morebots: poke
[18:49:02] <Ryan_Lane>	 !log testing test
[18:49:32] <Ryan_Lane>	 !log testing test
[18:49:34] <Ryan_Lane>	 damn it
[18:50:04] <Ryan_Lane>	 !log testing test
[18:50:17] <Ryan_Lane>	 wrong password?
[18:50:19] <Ryan_Lane>	 odd
[18:54:01] <Ryan_Lane>	 !log testing test
[18:55:27] <Platonides>	 sorry, Ryan_Lane
[18:55:31] <Platonides>	 the project was gitorious
[18:55:35] <Ryan_Lane>	 ah
[18:57:16] <Platonides>	 fill it when you can
[18:57:58] <Ryan_Lane>	 wtf is up with mwclient on bots-labs?
[18:59:23] <Ryan_Lane>	 ah. it's missing domain
[19:00:15] <Ryan_Lane>	 how did this code ever work?
[19:01:54] <Ryan_Lane>	 !log testing test
[19:02:00] <Ryan_Lane>	 really?
[19:02:55] <Ryan_Lane>	 !log testing test
[19:02:56] <labs-morebots>	 Logged the message, Master
[19:02:58] <Ryan_Lane>	 better
[19:03:05] <Ryan_Lane>	 guess I need to fix that package
[19:31:09] <Ryan_Lane>	 paravoid: http://www.alexnetwork.it/2012/08/10/tutorials/openstack-force-writethrough-cache-mode-in-qcow2-images.html
[19:31:32] <Ryan_Lane>	 so, two things to do: virtio and writethrough cache
[19:34:57] <jeremyb>	 Ryan_Lane: errr, that's 404 ?
[19:35:04] <Ryan_Lane>	 it is?
[19:35:33] <Ryan_Lane>	 interesting
[19:35:38] <Ryan_Lane>	 it's in my google reader
[19:39:06] <jeremyb>	 Ryan_Lane: i don't see it in the recent posts sidebar when i visit the docroot
[19:39:11] <Ryan_Lane>	 yeah, me either
[19:39:21] <Ryan_Lane>	 basically, openstack is running qcow images with cache=none
[19:39:31] <Ryan_Lane>	 when it should likely run them with cache=writethrough
[19:39:56] <jeremyb>	 are we runnung xen or kvm?
[19:40:01] <Ryan_Lane>	 oh
[19:40:02] <Ryan_Lane>	 wait
[19:40:07] <Ryan_Lane>	 it seems the default is writethrough
[19:40:24] <Ryan_Lane>	 maybe newer versions of openstack add cache=none
[19:40:55] <Ryan_Lane>	 our version has nothing set on kvm in the process list, so it's using writethrough
[19:45:48] <Ryan_Lane>	 hm, we should make kvm pass all available cpu flags, too
[19:45:58] <Ryan_Lane>	 since we aren't doing live migrations
[20:31:19] * jeremyb  bumps Ryan_Lane for ircecho ;)

[20:43:29] * ^demon  echo's jeremyb ;-)

[20:53:11] <adminxor>	 !log syslog-collection test
[20:53:12] <labs-morebots>	 Logged the message, Master
[20:53:24] <adminxor>	 great! it's working now.
[20:53:30] <labs-logs-bottie>	 test
[20:53:46] <jeremyb>	 how odd
[20:54:15] <labs-logs-bottie>	 hi ^demon, thanks for the echo!
[21:05:08] <adminxor>	 !log syslog-colleaction moved the whole stuff to larger instance i-000003a9
[21:05:08] <labs-morebots>	 syslog-colleaction is not a valid project.
[21:05:29] <adminxor>	 oopsie
[21:05:39] <adminxor>	 !log syslog-collection moved the whole stuff to larger instance i-000003a9
[21:05:40] <labs-morebots>	 Logged the message, Master
[21:07:51] <adminxor>	 !log syslog-collection fixed a little glitch "java.io.IOException: Too many open files" thrown by ES
[21:07:52] <labs-morebots>	 Logged the message, Master
[21:09:08] <adminxor>	 !log syslog-collection ready to receive all kinds of logs. Please donate some logs :-)
[21:09:09] <labs-morebots>	 Logged the message, Master
[21:15:50] <adminxor>	 Ryan_Lane: sorry to come back to you again on this, but can we have some logs redirected to UDP port 5544 of i-000003a9?0,00?
[21:16:01] <Ryan_Lane>	 yep
[21:16:04] <adminxor>	 I know you are busy
[21:16:07] <Ryan_Lane>	 can we wait until monday, though?
[21:16:13] <Ryan_Lane>	 best not to make a lot of changes on friday
[21:16:24] <adminxor>	 sure ofcourse.
[21:16:42] <adminxor>	 just wanted to know your thoughts/strategy
[21:17:24] <Ryan_Lane>	 don't really have much of one right now :)
[21:19:52] <^demon>	 Ryan_Lane: Can we push out the new gerrit manifest today then? ;-)
[21:20:22] <adminxor>	 we can have an entry in /etc/rsyslog.d/50-default*.conf like this "*.*  @i-000003a9:5544" without "&~" in the next line to make sure logs are written locally as well as sent to logstash
[21:20:55] <adminxor>	 i really hope this whole thing will not be a waste at the end :)
[21:21:33] <Ryan_Lane>	 ^demon: heh
[21:21:54] <Ryan_Lane>	 adminxor: well, it could be, but that's part of the job, right? :)
[21:22:11] <Ryan_Lane>	 and it's fun to set things up
[21:22:13] <Ryan_Lane>	 less fun to manage
[21:22:22] <gerrit-wm>	 New patchset: Demon; "Adding .gitreview" [labs/private] (master) - https://gerrit.wikimedia.org/r/18655
[21:22:25] <adminxor>	 yeah, that's true!
[21:24:44] <gerrit-wm>	 Change abandoned: Demon; "This one was a mistake on my part, my script was dumb." [labs/private] (master) - https://gerrit.wikimedia.org/r/18655
[21:25:17] <adminxor>	 btw, why does it show only one instance on the project page when i have two more!
[21:36:00] <Ryan_Lane>	 ^demon: I don't see your gerrit manifests change in my review queue
[21:36:22] <^demon>	 I think we might've removed it so you didn't get spammed with 21 patchset notifications :)
[21:36:44] <^demon>	 Added you, it's https://gerrit.wikimedia.org/r/#/c/13484/
[21:36:44] <Ryan_Lane>	 ah
[21:36:48] <Ryan_Lane>	 thanks
[21:37:03] <Ryan_Lane>	 I'm going to try to patch nova to fix the 500s, then I'm oging to go through my queue
[21:44:34] <Platonides>	 LabsAntiSpamBot ? What's that expected to do?
[21:54:57] <ori-l>	 hrm, odd. i can't ssh into one of my instances. my public key is rejected. same key i've used in the past, and the same one that's showing up in labsconsole.
[22:53:01] * Platonides  reminds Ryan_Lane about giving an IP to gitorious

[22:55:27] <Platonides>	 night