[12:34:54] <jbond42>	 volans: XioNoX: fyi i think i have found why nodes still disapear after 7 days.  tl;dr.  the RO puppetdb host is preforming GC operations however we explicitly dont se the GC options on that host (assuming it dosn't do GC)  https://gerrit.wikimedia.org/r/c/operations/puppet/+/674003/
[12:35:42] <jbond42>	 as such they do GC with the default of node-ttl: 7days instead of our config of node-ttl: 14 days
[12:35:49] <moritzm>	 nice catch :-)
[12:36:07] <jbond42>	 :) thx
[12:39:37] <XioNoX>	 nice!
[13:25:12] <volans>	 thx jbond42!
[14:47:51] <cdanis>	 jbond42: overall I think these patches look good, thanks!  left a few nits, a couple questions, and going to spend a little more time staring at the ruby when I'm more awake this afternoon
[14:50:32] <jbond42>	 cdanis: ack thanks, wil add some more info around portend, tl;dr its a bit of a hack so we can support port ranges such as traceroute.  not something usefull to etc/service but is usefull to have the definitions for things like homer
[14:50:53] <cdanis>	 mmm makes sense, was wondering if it was also intended for the mysql setup
[14:52:44] <jbond42>	 for mysql i dont think so but its hard to know.  i had assumed that each mysql service would get its own port e.g. mysql-foo-a and in the homer morule we could create groups on the fly by looking for services['mysql*'].  either way i think in the default setup mysql should == 3306 and have no portend
[14:54:45] <cdanis>	 👍
[14:57:05] <volans>	 are the DBA migrating the single instance hosts to use the dedicated port? or we're still using 3306 on those and plan to keep it that way?
[15:02:20] <jbond42>	 this seems to be the port list for mysql https://github.com/wikimedia/puppet/blob/da54cc6f29debe9703448f60c6a3cf3d8f5c9345/hieradata/common/profile/mariadb.yaml#L1-L24 so we could have e.g. {mysql-s1: tcp/3311, mysql-s2: tcp/3312, ... mysql-analytics_meta: tcp/3352}
[15:05:23] <volans>	 we also have the mgmt ports fwiw
[15:05:31] <volans>	 IIRC is port+20
[15:07:43] <jbond42>	 thx volans 
[15:09:25] <volans>	 but my worry is mostly that we authorize something for mysql-s1 and we endup not authorizing those hosts (if they are still there) that are listening for s1 on 3306
[15:31:14] <jbond42>	 volans: im not sure i parse your last comment hwoever its worth nting that in the current implmentation of the netbase module all it dose is provide information.  the implmentation that XioN.oX is looking at for homer will need to have additional groupping capabilities which would be used to create a global mysql group for anything that looks like mysql.  the later, homer integration 
[15:31:21] <jbond42>	 module has not been writen yet however i ...
[15:31:23] <jbond42>	 ... think it should work with the formats and assumptions in https://gerrit.wikimedia.org/r/c/operations/puppet/+/670917
[15:32:52] <volans>	 jbond42: just that mysql-s1 might be 3306 on some hosts and 3311 on others as of current status
[15:33:23] <volans>	 the additional ports started with the multi-instance colocated on the same hosts
[15:33:49] <volans>	 I dunno what are the plans for the future, if the DBAs wants to standardize on the custom ports also for hosts with just one instance
[15:37:55] <jbond42>	 volans: act thanks thats good to know.  My understanding is that the homer rules will likle be `anything that looks mysql <-> anything that looks mysql` so its likley going to be more permissive then too strict hwoever definetly something to consider when we actully start changing firewalls thanks