[13:36:45] moritzm and/or elukey, seen any issues with grub partitions when doing Trixie reimages? T407586 [13:36:46] T407586: latest Trixie image (as of 2025-10-16) grub failure - https://phabricator.wikimedia.org/T407586 [13:37:03] I have not really investigated other than to confirm that it reproduces w/Trixie and not with Bookworm. [13:38:10] we have 24 hosts in prod on trixie, this must be something specific to the partman recipe for that node [13:38:11] (and I'm about to run off, but cloudcontrol2010-dev.codfw.wmnet is available as tribute) [13:38:40] I agree, I've also reimaged other Trixie hosts without seeing this. [13:39:20] But it's a very standard recipe [13:40:43] * andrewbogott wonders about "# this workarounds LP #1012629 / Debian #666974 # it makes grub-installer to jump to step 2, where it uses bootdev" [13:42:35] * andrewbogott reads an email thread featuring circa 2012 Faidon [13:43:47] andrewbogott: the only issues that we have seen are related to UEFI nodes, and IIUC this one is not so I agree with Moritz that it must be something partman-related [13:44:10] Correct, not uefi [13:46:46] I pinged you (elukey) assuming that you're the keeper of the standard partman recipe, but of course your weekend begins in an hour. If you don't get there first I'm going to try reverting that 'workaround' and see if it does the right thing now, 10 years after that bug was declared fixed. [13:49:10] :) [13:51:20] A wild Faidon appears! [13:52:11] * andrewbogott out for a doctor's appointment. The perfect start to a day that will be spent with partman. [14:09:10] hi paravoid :P [15:35:08] andrewbogott: please note that Filippo created https://gitlab.wikimedia.org/repos/sre/preseed-test, that may be very useful to quickly test partman changes (also it would be great to see if the issue reproduces there) [16:31:37] yes, looking forward to trying that out [17:47:55] andrewbogott If you wanna pair on partman LMK. I've got a new recipe too. If you have a Mac, maybe we can figure out some way to do the thing. I'm avoided installing an x86 VM and adding nested virtualization so far ;P [17:49:05] I have an x86 VM and preseed-test sort of works but I'm not sure it's any faster than just testing in prod [17:51:40] ACK. The hosts that need my recipe aren't actually in the DC yet, so I might get off my butt and set it up on my local Mac, then. Are you using Mac? [17:53:53] yeah, an m4 mac and a trixie VM on UTM [17:54:44] seems to all work fine except for the partman part :) [17:55:46] As usual ;). I'm getting better with partman but I still think we should give https://fai-project.org/ a try at some point [18:10:48] If I try to use any number of drives but 4 the kvm command dies with [18:10:50] 'kvm: -cdrom ./workdir/debian-netinst.iso: drive with bus=2, unit=0 (index=2) exists' [18:11:00] I guess you probably aren't there yet [18:18:51] inflatador: you will need this before setting up preseed-test https://gitlab.wikimedia.org/repos/sre/preseed-test/-/merge_requests/5 [18:30:54] andrewbogott thanks! I just downloaded trixie, haven't installed it yet [19:09:49] I am using profile::pki::get_cert which uses modules/cfssl to get some TLS certs in puppet. I am getting the usual .pem files from that.. cert, key, chain etc. But I need keystore/truststore pkcs12 files for a Java application. Do i need to run openssl pkcs12 commands manually to convert them? Or can I also get them automatically? [19:26:22] mutante: sslcert::x509_to_pkcs12 [19:26:42] # @summary create pkcs12 file from a x509 public/private key pair [19:26:48] should have various invocations in the repo [19:28:34] sukhe: ooh! thank you!:) will check it out [19:46:40] <3 that java ;P [19:49:20] only like the island