[14:21:17] <sukhe>	 XioNoX: so following the usual plan, disabling Puppet on C:bird, roll it out on a few hosts, test and take it from there?
[14:21:37] <XioNoX>	 sukhe: yeah exactly
[14:22:37] <sukhe>	 ok starting. 
[14:23:58] <XioNoX>	 97 hosts with 'C:bird' that's becoming quite a lot!
[14:24:18] <sukhe>	 yeah, the most recent is the hcaptcha-proxy anycast
[14:24:28] <sukhe>	 XioNoX: "fun"
[14:30:09] <XioNoX>	 sukhe: let me know which host you're starting with and I can double check that BGP is coming up properly
[14:30:31] <sukhe>	 XioNoX: dns7001
[14:32:27] <sukhe>	 (running)
[14:34:09] <sukhe>	 XioNoX: please check dns7001 thanks
[14:35:14] <sukhe>	         10.3.0.5/32,
[14:35:14] <sukhe>	         198.35.27.27/32,
[14:35:14] <sukhe>	         10.3.0.1/32
[14:35:17] <XioNoX>	 BGP is established and looking cleaner than before:
[14:35:17] <XioNoX>	 before: Peer: 2a02:ec80:700:1:195:200:68:4+36443 AS 64605 Local: fe80::429e:a402:c78c:6c00+179 AS 4265007001
[14:35:17] <XioNoX>	 After :  Peer: 2a02:ec80:700:1:195:200:68:4+179 AS 64605 Local: 2a02:ec80:700:1::1+51947 AS 4265007001
[14:35:32] <sukhe>	 we should check v6 
[14:35:51] <sukhe>	 bird is advertising         2a02:ec80:53::1/128
[14:36:16] <XioNoX>	 yep, receiving * 2a02:ec80:53::1/128     2a02:ec80:700:1:195:200:68:4            64605 I on the switch
[14:36:41] <sukhe>	 ok awesome. let's check one host in eqiad and codfw as well. doing dns1004
[14:36:42] <XioNoX>	 and I can ping it from the switch
[14:36:47] <XioNoX>	 so we're all good here
[14:38:25] <XioNoX>	 dns1004 should be a NOOP if all goes well
[14:38:49] <sukhe>	 yep :)
[14:39:03] <sukhe>	 trying one host in esams too, sorry for being overly paranoid. I mean we can always blame topranks if it doesn't go well but yeah.
[14:39:29] <XioNoX>	 nah, if we can test other types of hosts that would be great too
[14:39:37] <XioNoX>	 in theory it should be a NOOP on VMs
[14:39:45] <XioNoX>	 I'm testing codfw routed ganeti
[14:39:50] <sukhe>	 yes please thanks
[14:40:47] <sukhe>	 -    interface "eno12399np0";
[14:40:47] <sukhe>	 -    neighbor fe80::8243:3f01:3717:4ec0 external;
[14:40:47] <sukhe>	 +    neighbor 2a02:ec80:300:1::1 external;
[14:40:59] <sukhe>	 dns3004, so also expected
[14:41:13] <topranks>	 sorry it's "blame Arzhel week" pa paul said it.... so you can't blame me :P 
[14:41:14] <XioNoX>	 good, let me check
[14:41:39] <sukhe>	 topranks: :P
[14:41:54] <XioNoX>	 ganeti2033 looks good
[14:42:12] <topranks>	 nice!
[14:42:14] <sukhe>	 (waiting for confirmation on dns3004)
[14:42:50] <taavi>	 topranks: already did
[14:42:55] <XioNoX>	 sukhe: `2a02:ec80:53::1/128     2a02:ec80:300:1:185:15:59:2` all good for dns3004
[14:43:33] <sukhe>	 awesome
[14:43:42] <sukhe>	 ok, I think we can roll it out everywhere then?
[14:43:46] <topranks>	 yeah nice work, glad this didn't turn into a can of worms 
[14:44:07] <topranks>	 my ocd never liked the mis-matched address fams configured either side anyway :P 
[14:44:30] <XioNoX>	 hahah
[14:44:48] <XioNoX>	 so dns is fine and ganeti is fine, anything else we should look at first?
[14:44:50] <topranks>	 sukhe: I think so, unless there are other important host types we forgot?  
[14:45:00] <XioNoX>	 maybe cephosd or cloudlb or cloudservice or centralog?
[14:45:01] <topranks>	 routed_ganeti works, non-routed-ganeti peers with CRs so unaffected?
[14:45:08] <sukhe>	 centrallog for sure I guess
[14:45:10] <topranks>	 oh yeah forgot about those 
[14:45:15] <XioNoX>	 non-routed-ganeti doesn't do BGP
[14:45:37] <sukhe>	 XioNoX: ?
[14:45:54] <sukhe>	 you mean not with the ganetis that is?
[14:45:57] <taavi>	 I will check cloudservices/cloudlb
[14:46:03] <sukhe>	 taavi: thanks
[14:46:06] <XioNoX>	 taavi: <3
[14:46:10] <XioNoX>	 sukhe: ?
[14:46:17] <topranks>	 XioNoX: I meant the VMs on it like doh or whatever 
[14:46:28] <topranks>	 which peer with CRs so shouldn't be affected I believe 
[14:46:35] <sukhe>	 yeah
[14:46:40] <sukhe>	 but I guess we can double check those
[14:46:45] <XioNoX>	 topranks: ah, yeah, or with their local router, like baremetal
[14:47:00] <XioNoX>	 so worth having a look
[14:47:31] <taavi>	 no changes for those as expected
[14:47:33] <sukhe>	 picking doh1001 in eqiad
[14:47:50] <XioNoX>	 ok
[14:48:50] <sukhe>	 NOOP
[14:49:12] <XioNoX>	 sukhe: should be a NOOP there, maybe DOH in drmrs as well as it's old ganeti or modern networking
[14:49:26] <sukhe>	 yep, trying that
[14:51:26] <sukhe>	 XioNoX: can you check doh6002 and/or (185.71.138.138/32 and 2001:67c:930::1/128)
[14:51:32] <XioNoX>	 thx
[14:53:03] <XioNoX>	 er, small problem in drmrs...
[14:53:12] <sukhe>	 oh?
[14:53:39] <XioNoX>	 the public vlan gateway is configured as `2a02:ec80:600:102:10:136:1:1` and not `2a02:ec80:600:102::1`
[14:54:41] <XioNoX>	 that's the private, but public is `2a02:ec80:600:2:185:15:58:33` and not `2a02:ec80:600:2::1`
[14:55:52] <XioNoX>	 topranks, what do you think of adding it with https://www.irccloud.com/pastebin/5gvDUQ6A/
[14:56:07] <XioNoX>	 and then later on removing the old one
[14:56:31] <XioNoX>	 servers use the link local as next hop so it shouldn't have any impact
[14:57:02] <XioNoX>	 sukhe: I don't think we deviate from our standards anywhere else
[14:57:22] <topranks>	 XioNoX: +1 from me 
[14:57:42] <topranks>	 I'll sleep so much sounder tonight we're removing all the little things I never liked :P 
[14:58:20] <XioNoX>	 alright, BGP is up!
[14:58:25] <topranks>	 but yeah it should be safe, RAs come from the link-local, BGP already peered with LL should remain stable 
[14:58:58] <XioNoX>	 doing the same for private and then the other switch
[14:59:06] <topranks>	 XioNoX: one thing perhaps to check, exsiting servers there doing BGP, what next-hop do they see for v6 routes?
[14:59:16] <topranks>	 shouldn't be the GUA address but just in case 
[14:59:56] <topranks>	 XioNoX: ignore me, we don't use any routes from bgp on the server side 
[15:00:09] <topranks>	 default is link-local, it should be good 
[15:01:30] <XioNoX>	 done for both racks
[15:02:02] <sukhe>	 XioNoX: ok thanks. can you remind me again why drmrs was the only site different in this regard? I vaguely remember something but I don't remember what exactly
[15:02:37] <XioNoX>	 sukhe: I probably decided to be creative when I set it up and used the v4 to v6 mapping we use for servers :)
[15:02:44] <topranks>	 no particular reason I think.  we were following how we did the same mapping we do for servers 
[15:03:36] <sukhe>	 ok. 
[15:03:43] <sukhe>	 anything else to check I guess?
[15:05:02] <sukhe>	 or should we roll out everywere (-b1 -s5) for C:bird
[15:06:02] <XioNoX>	 sukhe: I think we can roll it everywhere
[15:07:34] <sukhe>	 ok
[15:07:42] <sukhe>	 starting
[15:07:47] <jayme>	 jhathaway, elukey: we're going to upgrade kafka-main in eqiad to kafka 3.7
[15:07:58] <jasmine_>	 thanks jayme!
[15:08:09] <jhathaway>	 thanks jayme 
[15:12:26] <elukey>	 \o/
[15:13:45] <sukhe>	 XioNoX: it will take a while, I am doing -s5 and batch of 1. happy to baby sit this fwiw.
[15:13:54] <XioNoX>	 sukhe: sounds good! thx
[15:13:58] <sukhe>	 but if your end of day is near, I can simply push it everywhere else in one go 
[15:14:37] <XioNoX>	 sukhe: nah it's ok to go slowly, I've manually enabled it where it mattered most
[15:18:38] <sukhe>	 ok