[07:20:03] serviceops, Operations, Beta-Cluster-reproducible, User-Joe: Update confd package - https://phabricator.wikimedia.org/T147204 (Joe) p:Low→Normal a:Joe
[08:18:24] <_joe_> akosiaris: let's discuss here, as I need an answer from you :P. Re: the use of volume in the envoy tls proxy image
[08:19:11] <_joe_> AIUI, in kubernetes we will just define one configmap for the cert and one secret for the ssl key, and just put them into /etc/envoy/ssl
[08:19:29] <_joe_> but what should happen on a bare docker installation?
[08:19:44] <_joe_> VOLUME seemed to be a good option
[08:20:15] <_joe_> the alternative is people need to specify the volume at every run, which probably makes sense?
[08:20:35] <_joe_> so what do you think?
[08:22:47] who are the users of the bare docker installation?
[08:25:31] depending on their expected number, it might be ok to ask people to specify the volume at every run
[08:25:51] which I am fine with btw, I've met more than 1 images that do exactly that
[08:26:02] generally speaking VOLUME has been a historical mess
[08:26:08] and still is
[08:26:28] e.g. it does not allow multiple volumes of different drivers etc
[08:27:07] so I'd +1 an entry in the README saying "hey, populate a directory locally and pass -v blah:/etc/envoy/ssl if you want to rely on a bare docker install"
[08:28:08] <_joe_> yeah, it's probably the best course of action
[08:28:16] <_joe_> I was looking at the literature
[08:28:34] <_joe_> as in published dockerfiles
[08:28:49] <_joe_> and while that's not a great reference in general, it seems like an acceptable interface
[09:22:54] <_joe_> akosiaris: do you see value in running a container as non-root, specifically envoy in our case?
[09:23:15] <_joe_> because that means I have to change further the base image from what was done before
[09:23:28] yes of course
[09:24:03] some of the vulns that have been released last year require root in the container
[09:24:28] <_joe_> my same line of thinking
[09:24:36] <_joe_> also
[09:25:01] <_joe_> I just realized how useful it is to have an example-run script, besides the readme
[09:25:28] <_joe_> and how CI should probably require there is one, and that it works as expected when you build the image.
[10:41:09] hi, I was going through my reviews queue, is https://gerrit.wikimedia.org/r/c/operations/puppet/+/529789 sth still relevant/worked on ?
[10:53:52] godog: I was looking through it today
[10:53:59] I think not, at least not currently
[10:54:28] we've gone the pod way and we already have a dashboard up and running at https://grafana.wikimedia.org/d/-sq5te5Wk/kubernetes-dns?orgId=1
[10:55:07] I wouldn't mind enabling the blackbox exporter for kubernetes services at some point, but it's not needed right now
[10:56:13] _joe_: apergos: mutante: There's https://www.meetup.com/Athens-Kubernetes-Meetup/events/264516331/ today. I'll probably attend it, my only issue is I'll probably miss the team syncup meeting
[10:56:15] akosiaris: totally (re: blackbox exporter) that'd be good to have, thanks for taking a look btw!
[10:56:37] I guess effie too
[10:56:52] we should have a blackbox-exporter style exporter soon for swagger checks too btw
[10:57:01] oh nice!
[10:57:17] ok, have a good meetup
[10:58:07] <_joe_> akosiaris: no problemo!
[10:58:28] <_joe_> godog: ok regarding that, I didn't see a followup patch to service-checker
[11:00:28] _joe_: yeah I think for now it'll live in a separate repo and use servicechecker (the python module)
[11:00:33] the review is at https://gerrit.wikimedia.org/r/c/operations/debs/prometheus-swagger-exporter/+/536376
[11:00:53] <_joe_> godog: only issue is, you need me to make a release :)
[11:01:00] <_joe_> so ok I'll get to it
[11:01:16] <_joe_> I did prepare the debian changelog for the new version but I didn't finalize the work there
[11:01:51] indeed a release would be great _joe_ !
[11:01:59] <_joe_> will do this week
[11:02:40] <_joe_> godog: uhm given the two things should be installed together anyways, it could've made sense to use the same repo?
[11:02:46] <_joe_> not sure tbh
[11:04:22] _joe_: indeed, I believe Cole tried with a single repo first but turned out to be non-trivial, hence the separate repo
[15:02:38] serviceops, Thumbor, Performance-Team (Radar), User-jijiki: Terminate Thumbor with SSL - https://phabricator.wikimedia.org/T180696 (jijiki) @Joe we will be moving towards this direction
[15:10:22] <_joe_> apergos, mutante it's the three of us today
[15:10:34] huh
[15:10:51] that's a pretty tiny meeting
[15:10:53] <_joe_> alex and effie are at a meetup
[15:11:01] oh is effie too? right
[15:11:07] I will leave in a bit
[15:11:16] one of the perks of living in actual athens
[15:11:45] I'll be the old grump who doesn't go :-D
[15:12:32] well _joe_ is it worth meeting? or we could update the pad async. or I dunno
[15:12:52] you all know what I've been doing: dumps catchup (completed Saturday)
[15:13:16] <_joe_> I do have something to discuss with mutante if he's around
[15:13:27] <_joe_> but that can be postponed as well to a 1:1 meeting another day
[15:13:52] <_joe_> so yeah feel free to skip :) we need to talk about parsoid-php
[15:17:45] can you give me the 30-second soundbyte version of that?
[15:17:55] I'm only generally keeping tabs but still, interested
[15:20:14] <_joe_> sure
[15:22:47] it's still using the cassandra backend and the restbase backend right? but the front end is in php and ... to be in core, or has it already been committed?
[15:22:59] (now you can tell me how completely off base my understanding is :-P)
[15:24:05] <_joe_> so, parsoid.js is just a stateless component that acts as a backend of restbase
[15:24:18] <_joe_> and returns its results querying the mediawiki api
[15:24:34] <_joe_> this service will be substituted by a specialized mediawiki endpoint
[15:24:50] <_joe_> we will create a separate cluster for it
[15:25:01] <_joe_> that will be php7.2-only from day 1
[15:25:11] thank goodness
[15:25:15] (php72)
[15:25:16] <_joe_> restbase and its use of cassandra won't be touched for now
[15:25:19] right
[15:25:41] ok so there is not yet the php replacement in core then
[15:25:46] but soon?
[19:19:43] serviceops, Operations: convert parsoid cluster from parsoid/JS to parsoid/PHP - https://phabricator.wikimedia.org/T233654 (Dzahn)
[20:07:48] serviceops, Operations, Performance-Team, observability: Ensure graphs used by Performance account for Varnish-to-ATS migration - https://phabricator.wikimedia.org/T233474 (Krinkle) p:Triage→Normal a:Krinkle
[20:38:39] serviceops, Services: mobileapps/aqs/recommendation-api (nodejs services) improve resilience against short network outages - https://phabricator.wikimedia.org/T233660 (Dzahn)
[20:46:31] serviceops, Services: mobileapps/aqs/recommendation-api (nodejs services) improve resilience against short network outages - https://phabricator.wikimedia.org/T233660 (faidon) Is this a duplicate or superset of T162818?