[00:34:38] 10Continuous-Integration-Infrastructure (Zuul upgrade): Update ZuulDevOpsBot app credentials to include admin role access - https://phabricator.wikimedia.org/T399780#11011546 (10bd808) [00:39:10] 10Continuous-Integration-Infrastructure (Zuul upgrade): Update ZuulDevOpsBot app credentials to include admin role access - https://phabricator.wikimedia.org/T399780#11011551 (10bd808) [13:26:00] 10Continuous-Integration-Infrastructure (Zuul upgrade), 10Continuous-Integration-Config: Simplify how GitHub oauth token is passed to composer - https://phabricator.wikimedia.org/T399846 (10hashar) 03NEW [15:50:39] bd808: for GitHub rate limiting composer, you created a token which is exposed to Jenkins jobs via the credentials binding plugin as `COMPOSER_GITHUB_OAUTHTOKEN` [15:51:08] I am considering dropping that cause that requires invoking "composer config" and not all jobs/entrypoints are doing it [15:51:27] there are some jobs that lacks the credential binding as well such as all the Quibble jobs (which run mediawiki tests) [15:52:01] I could set a global env variable in Jenkins: `COMPOSER_AUTH={"github-oauth":{"github.com":""}}` [15:52:49] and it will be made available to all jobs / containers invocation without having to remember to bind the credential and to run composer config [15:53:35] the only drawback is that the token can then be exposed. But my guess is that it is already easy to expose it :) [15:53:54] my dumb task is https://phabricator.wikimedia.org/T399846 [15:55:05] if we don't care about further exposing the token, I'll set the global env variable COMPOSER_AUTH and remove from jobs and images COMPOSER_GITHUB_OAUTHTOKEN and its associated composer config [17:25:36] 10Continuous-Integration-Infrastructure (Zuul upgrade): Flannel networking broken in Magnum cluster because upstream containers are missing - https://phabricator.wikimedia.org/T399882 (10bd808) 03NEW [17:43:12] 10Continuous-Integration-Infrastructure (Zuul upgrade): Flannel networking broken in Magnum cluster because upstream containers are missing - https://phabricator.wikimedia.org/T399882#11014618 (10bd808) `lang=irc [17:28] < bd808> andrewbogott: T399882 is a thing that I am now curious about in the PAWS and Qu... [17:49:36] hashar: using COMPOSER_AUTH seems fine. if the credential leaks then we may start having rate limit issues again, but we can always rotate it and just keep on top of that potential problem. The backing account is deliberately unprivileged everywhere so that a leaked token is not a security issue. [20:26:17] 10Continuous-Integration-Infrastructure (Zuul upgrade): Update ZuulDevOpsBot app credentials to include admin role access - https://phabricator.wikimedia.org/T399780#11015189 (10bd808) [21:12:44] 10Continuous-Integration-Infrastructure (Zuul upgrade), 13Patch-For-Review: Update ZuulDevOpsBot app credentials to include admin role access - https://phabricator.wikimedia.org/T399780#11015296 (10bd808) [21:15:31] 10Continuous-Integration-Infrastructure (Zuul upgrade), 13Patch-For-Review: Update ZuulDevOpsBot app credentials to include admin role access - https://phabricator.wikimedia.org/T399780#11015315 (10bd808) > [] Tell @bd808 and @jnuche to update their local dev envvars for the new requirements Hey @jnuche, upda... [21:15:42] 10Continuous-Integration-Infrastructure (Zuul upgrade): Update ZuulDevOpsBot app credentials to include admin role access - https://phabricator.wikimedia.org/T399780#11015317 (10bd808) [21:15:47] 10Continuous-Integration-Infrastructure (Zuul upgrade): Update ZuulDevOpsBot app credentials to include admin role access - https://phabricator.wikimedia.org/T399780#11015319 (10bd808) 05Open→03Resolved [21:38:13] 10Continuous-Integration-Infrastructure (Zuul upgrade), 13Patch-For-Review: Provision Kubernetes cluster and bastion using OpenTofu and Magnum - https://phabricator.wikimedia.org/T396936#11015359 (10bd808) [23:37:53] 10Continuous-Integration-Infrastructure (Zuul upgrade): Add helpers/instructions for ssh into a Kubernetes cluster node for debugging - https://phabricator.wikimedia.org/T399910 (10bd808) 03NEW [23:40:38] 10Continuous-Integration-Infrastructure (Zuul upgrade): Flannel networking broken in Magnum cluster because upstream containers are missing - https://phabricator.wikimedia.org/T399882#11015508 (10bd808) 05Open→03In progress a:03bd808 [23:41:59] 10Continuous-Integration-Infrastructure (Zuul upgrade): Flannel networking broken in Magnum cluster because upstream containers are missing - https://phabricator.wikimedia.org/T399882#11015516 (10bd808) https://gitlab.wikimedia.org/repos/releng/zuul/tofu-provisioning/-/jobs/565893 is rebuilding the cluster. I ex...