[01:24:27] 10Traffic, 10ArchCom-RfC, 06Commons, 10MediaWiki-File-management, and 14 others: Define an official thumb API - https://phabricator.wikimedia.org/T66214#2853133 (10GWicke) >>! In T66214#2850204, @Ciencia_Al_Poder wrote: >>>! In T66214#2827486, @GWicke wrote: >> Since the need for explicit control should be... [13:15:03] Found https://mozilla.github.io/server-side-tls/ssl-config-generator that looks interesting (probably OLD but I just found it :) [15:05:02] 10netops, 06Labs, 10Labs-Infrastructure, 06Operations, 10wikitech.wikimedia.org: Move novaobserver (and novaadmin) users out of ldap - https://phabricator.wikimedia.org/T152215#2854130 (10Krenair) [15:08:27] 10netops, 06Labs, 10Labs-Infrastructure, 06Operations, and 3 others: Provide read-only access to OpenStack APIs from WMF IP space - https://phabricator.wikimedia.org/T150092#2854135 (10Andrew) [15:08:28] 10netops, 06Labs, 10Labs-Infrastructure, 06Operations, 10wikitech.wikimedia.org: Move novaobserver (and novaadmin) users out of ldap - https://phabricator.wikimedia.org/T152215#2854133 (10Andrew) 05Open>03Resolved This should be resolved by https://gerrit.wikimedia.org/r/#/c/325371/ [16:23:27] bblack, ostriches - ok to merge https://gerrit.wikimedia.org/r/#/c/305536 ? [16:25:58] elukey: yes! [16:30:04] ok last checks and then I'll proceed [16:52:56] awesome :) [17:13:29] elukey: Yay awesome! (Sorry, was afk this morning, late start) [17:14:07] ostriches: :) puppet is running on mw1* hosts atm [17:21:37] elukey: Once that's done on mw1* and mw2* hosts, I'll land the change to wmf-config to drop the docroot directory. [17:23:06] ostriches: maybe let's do it tomorrow, just in case :) [17:23:42] Okie dokie [17:24:49] ostriches: done :) [17:30:48] 10Traffic, 10MediaWiki-ResourceLoader, 06Operations, 06Performance-Team: Expires header for load.php should be relative to request time instead of cache time - https://phabricator.wikimedia.org/T105657#2854573 (10Krinkle) a:03Krinkle [18:35:29] 10Traffic, 10Varnish, 06Operations, 06Performance-Team: Collect Backend-Timing in Graphite - https://phabricator.wikimedia.org/T131894#2854865 (10Gilles) p:05Normal>03High a:03Gilles [19:42:56] 10Domains, 10Traffic, 15User-Urbanecm: Wikipedia.cz and other domains owned by WMCZ have invalid certificate - https://phabricator.wikimedia.org/T152622#2855163 (10Urbanecm) [19:47:31] 07HTTPS, 10Traffic, 06Operations, 13Patch-For-Review: Create a secure redirect service for large count of non-canonical / junk domains - https://phabricator.wikimedia.org/T133548#2855176 (10Urbanecm) [19:47:33] 10Domains, 10Traffic, 06Operations, 15User-Urbanecm: Wikipedia.cz and other domains owned by WMCZ have invalid certificate - https://phabricator.wikimedia.org/T152622#2855175 (10Urbanecm) [20:25:46] 10Domains, 10Traffic, 06Operations, 15User-Urbanecm: Wikipedia.cz and other domains owned by WMCZ have invalid certificate - https://phabricator.wikimedia.org/T152622#2855117 (10Krenair) There are two serious technical ways to fix this. There may be policy reasons why not to do one or both of these 1) Tran... [21:01:31] 10netops, 06Operations, 10ops-codfw: ms-fe200[5-8] switch port configuration - https://phabricator.wikimedia.org/T152627#2855380 (10Papaul) [22:22:04] 10Traffic, 10Varnish, 06Operations, 06Performance-Team: Collect Backend-Timing in Graphite - https://phabricator.wikimedia.org/T131894#2855723 (10Gilles) ``` gilles@deployment-cache-text04:~$ sudo varnishlog -I BerespHeader:Backend-Timing -g raw ``` [22:43:53] 10Traffic, 10Varnish, 06Operations, 06Performance-Team: Collect Backend-Timing in Graphite - https://phabricator.wikimedia.org/T131894#2182123 (10fgiunchedi) @gilles there's already a number of statsd/graphite python scripts in puppet that read varnish's shared memory. Could be of inspiration e.g. `varnish... [22:45:35] 10Traffic, 10Varnish, 06Operations, 06Performance-Team: Collect Backend-Timing in Graphite - https://phabricator.wikimedia.org/T131894#2855765 (10Gilles) Right, I wrote/refactored some :) Do you think we should add that feature to an existing one, or write a new one? Since this will look at almost all requ... [23:21:26] 10Traffic, 10Varnish, 06Operations, 06Performance-Team: Collect Backend-Timing in Graphite - https://phabricator.wikimedia.org/T131894#2855871 (10fgiunchedi) >>! In T131894#2855765, @Gilles wrote: > Right, I wrote/refactored some :) Do you think we should add that feature to an existing one, or write a new... [23:42:53] bblack: the other day I've submitted https://github.com/gdnsd/gdnsd/issues/136 for gdnsd+prometheus, I'll try take a stab at it since the text format shouldn't be conceptually very different than json/csv [23:49:05] the world needs new formats! :P [23:49:48] but more seriously, in the long term gdnsd's http code is dead code (to be removed in favor of control sockets and local output files, etc, and probably json-only) [23:50:13] but the long term (new branch) has been stretching its timeline out for over a year, with no end in sight, so... [23:50:23] that may not mean much pragmatically speaking [23:50:59] but still, is this really the model? prometheus monitors everything, but everything should output new prometheus data formats? [23:52:48] the former is what I'd like to have :P the latter is not necessary, for e.g. varnish we've ran an add-on exporter to convert varnishstat -j into prometheus metrics, though for services that natively support prometheus e.g. k8s we'd add their http endpoints directly to prometheus config [23:52:55] instead of pointing prometheus to the exporter's http [23:53:32] I'm fine doing the same (writing an exporter) for gdnsd too btw, also given what you said above re: http being dead code [23:54:50] it might be easiest for now, to pull the data from curl http://127.0.0.1:3506/json in a convertor [23:55:34] the idea in the Future Gdnsd Code That May Never Be Released is to offer live stats on request over a control socket, and also output them periodically to a local json file on-disk if configured (kinda like vhtcpd) [23:55:49] and let something else handle HTTP when/if warranted [23:56:27] nice, yeah that makes sense if http isn't used for anything else anyway