[08:40:53] <wikibugs>	 10netops, 10Operations: IPv6 ping to eqiad on ripe-atlas-eqiad IPv6 noisy alert - https://phabricator.wikimedia.org/T205829 (10Marostegui)
[14:03:28] <Krenair>	 vgutierrez, hey
[14:04:34] <vgutierrez>	 hi Krenair 
[14:07:32] <Krenair>	 would it be helpful for us to talk through https://gerrit.wikimedia.org/r/#/c/operations/software/certcentral/+/459581/ or https://gerrit.wikimedia.org/r/#/c/operations/software/certcentral/+/459785/ ?
[14:08:01] <vgutierrez>	 I was about to approve https://gerrit.wikimedia.org/r/#/c/operations/software/certcentral/+/459581/
[14:08:28] <vgutierrez>	 regarding 459785, tests are missing, otherwise it looks good
[14:08:28] <Krenair>	 ok
[14:21:49] <vgutierrez>	 Krenair: BTW, regarding https://gerrit.wikimedia.org/r/#/c/operations/software/certcentral/+/460382/
[14:22:33] <vgutierrez>	 I've seen that the suggested code is handling SUBJECTS_CHANGED status same as SELF_SIGNED
[14:22:54] <Krenair>	 yep
[14:23:04] <Krenair>	 also NEEDS_RENEWAL and EXPIRED
[14:23:05] <vgutierrez>	 but at that point the server doesn't have a certificate that's handling the new SNs
[14:23:12] <vgutierrez>	 *SANs
[14:23:23] <Krenair>	 yes
[14:24:11] <vgutierrez>	 I guess that we should document that, cause the alternative is to issue first a self signed certificate with the new configuration
[14:24:18] <Krenair>	 no
[14:24:19] <Krenair>	 can't do that
[14:24:22] <vgutierrez>	 but that could more disruptive
[14:24:29] <Krenair>	 that'd break existing domains
[14:24:31] <vgutierrez>	 yup
[14:24:52] <Krenair>	 a trusted cert for the wrong domains is just as good as a self-signed cert for new domain
[14:25:07] <Krenair>	 and keeps the existing ones working
[14:25:42] <Krenair>	 could document this
[14:26:47] <Krenair>	 CR-1'd with that
[14:33:53] <wikibugs>	 10Traffic, 10Operations: Package and deploy ATS v8.x - https://phabricator.wikimedia.org/T204232 (10ema) Apache Traffic Server v8.0.0 [[http://trafficserver.apache.org/downloads#8.0.0  | was released ]] on September 25th, 2018. Debian packaging work [[https://salsa.debian.org/debian/trafficserver/merge_request...
[14:52:44] <Krenair>	 vgutierrez, adding tests to 459785 is slightly problematic
[14:53:06] <Krenair>	 seeing as the main part of the code we want to test is outside what's currently covered by the tests
[14:53:35] <vgutierrez>	 right.. API call tests won't cover that :)
[14:53:42] <Krenair>	 so
[14:53:45] <vgutierrez>	 we need to make sure that signal.signal is called as expected
[14:54:00] <Krenair>	 could change things around so that the API always loads config from disk and the tests mock that somehow
[14:54:08] <Krenair>	 and replace state midway through somehow
[14:54:12] <vgutierrez>	 something similar it's already being done for certcentral itself
[14:55:47] <vgutierrez>	 you mean loading the config on every API request?
[14:57:16] <vgutierrez>	 Krenair: right now the API test already invokes create_app() to obtain the Flask app, so you can mock signal.signal before and make sure that gets called
[14:57:53] <vgutierrez>	 https://github.com/wikimedia/certcentral/blob/master/tests/test_api.py#L52
[14:58:13] <Krenair>	 but signal.signal won't be called as the tests set cert_central_config
[14:58:49] <vgutierrez>	 ack, but you can come with a new test that doesn't set cert_central_config, so signal.signal() would be called
[14:59:48] <Krenair>	 I suppose
[15:35:39] <vgutierrez>	 Krenair: are you working on it? I can commit for you if it's not the case
[15:35:43] <Krenair>	 yes
[15:35:49] <vgutierrez>	 ack, I'll wait then :)
[15:37:10] <Krenair>	 vgutierrez, do we also want to simulate inserting a SIGHUP and testing that it calls CertCentralConfig.load ?
[15:38:34] <vgutierrez>	 you would be testing signal.signal in that test, but could be valid as an integration test of course
[15:43:56] <Krenair>	 vgutierrez, can we use assert_called_once_with here?
[15:44:08] <Krenair>	 the second argument will be a reference to an internal function in the API
[15:44:22] <vgutierrez>	 mmm
[15:44:24] <Krenair>	 we only know for sure what the first one will be
[15:50:56] <Krenair>	 https://stackoverflow.com/questions/20428750/pythons-assert-called-with-is-there-a-wildcard-character
[15:53:51] <Krenair>	 vgutierrez, ^
[15:54:10] <Krenair>	 they suggest doing pretty much what I did
[15:54:13] <vgutierrez>	 yup yup
[15:54:17] <vgutierrez>	 I was running some tests
[15:54:18] <vgutierrez>	 you're right :)
[15:54:23] <Krenair>	 with call_args
[15:54:23] <Krenair>	 ok
[16:18:30] <wikibugs>	 10netops, 10Operations, 10fundraising-tech-ops: deploy PFW policy commit 99eb6f026 - https://phabricator.wikimedia.org/T205888 (10Jgreen) p:05Triage>03Normal
[21:17:49] <wikibugs>	 10netops, 10Operations, 10Wikimedia-Incident: asw2-a-eqiad FPC5 gets disconnected every 10 minutes - https://phabricator.wikimedia.org/T201145 (10ayounsi) The logs mentioned during the meeting seem to be the link between a2 and a8 flapping (possibly faulty optic) and VC members re-calculating paths around th...
[21:56:55] <wikibugs>	 10Traffic, 10Community-Tech, 10MediaWiki-Parser, 10Operations: Show SVGs in page language if available - https://phabricator.wikimedia.org/T205040 (10Niharika) p:05Triage>03Normal
[22:23:26] <wikibugs>	 10netops, 10Operations, 10fundraising-tech-ops: deploy PFW policy commit 99eb6f026 - https://phabricator.wikimedia.org/T205888 (10Jgreen) 05Open>03Resolved
[23:11:08] <wikibugs>	 10netops, 10Operations, 10ops-ulsfo: Interface errors on cr4-ulsfo:et-0/0/1 - https://phabricator.wikimedia.org/T205937 (10ayounsi) p:05Triage>03Normal
[23:34:58] <XioNoX>	 https://blog.ipspace.net/2018/09/smart-or-dumb-nics-on-software-gone-wild.html?m=1