[08:33:43] so.. the 3 icinga checks are running as expected in certcentral[12]001 [08:33:56] nice! [08:45:45] regarding the API I'd like to do a L7 check, maybe with a new endpoint like /status or /healthcheck [08:49:27] otherwise the check should consider 4XX codes as OK [08:57:28] vgutierrez: we've various available HTTP checks in icinga, with status code included [08:57:58] yup.. but I don't know if I like the idea of considering a 4XX as good [08:58:40] the other option is swagger [08:59:28] I don't follow [08:59:56] I mean, I'm aware of swagger and I've used it a lot in past projects [09:02:37] if you want to check all your enapoints at once you can setup swagger, if you just want to check the service is UP and you don't have an endpoint that returns always the same return code you might want to add an /healthcheck endpoint, if you don't care which HTTP return code is returned you can have an icinga check for which multiple codes are valid I guess [09:30:58] 10Wikimedia-Apache-configuration, 10Operations, 10Patch-For-Review: Redirect from zh-yue.wiktionary.org is not working properly - https://phabricator.wikimedia.org/T209693 (10ArielGlenn) ` $ curl -D someheaders.txt -H 'X-Wikimedia-Debug: backend=mwdebug1002.eqiad.wmnet' 'https://zh-yue.wiktionary.org/wiki/Pa... [10:00:48] 10Certcentral: puppet still restarts certcentral on config changes instead of reloading it - https://phabricator.wikimedia.org/T209976 (10Vgutierrez) p:05Triage>03Normal [10:43:46] 10Traffic, 10DNS, 10Operations, 10User-revi: wikidata.org lacks SPF record - https://phabricator.wikimedia.org/T210134 (10revi) [11:00:37] 10Traffic, 10DNS, 10Operations, 10Wikidata, 10User-revi: wikidata.org lacks SPF record - https://phabricator.wikimedia.org/T210134 (10Addshore) [16:18:54] 10Traffic, 10Operations, 10Patch-For-Review: Migrate most standard public TLS certificates to CertCentral issuance - https://phabricator.wikimedia.org/T207050 (10Vgutierrez) [16:42:26] 10Traffic, 10Operations, 10Privacy: Disable WMF-Last-Access cookies for wmfusercontent.org - https://phabricator.wikimedia.org/T210167 (10Krinkle) [16:44:29] 10Traffic, 10Operations, 10Privacy: Disable WMF-Last-Access cookies for wmfusercontent.org - https://phabricator.wikimedia.org/T210167 (10Krinkle) This also relates to T202479, in that it touches on the larger problem of not having an established way to detect in Varnish whether the request is for a wiki or... [23:40:51] 10Certcentral, 10Traffic, 10Operations, 10Patch-For-Review: Create and deploy a centralized letsencrypt service - https://phabricator.wikimedia.org/T194962 (10Krenair) @vgutierrez: are we done with this task? [23:41:40] 10Certcentral, 10Traffic, 10Operations, 10Patch-For-Review: Create and deploy a centralized letsencrypt service - https://phabricator.wikimedia.org/T194962 (10Krenair) [23:41:43] 10HTTPS, 10Traffic, 10Operations, 10Patch-For-Review: Create a secure redirect service for large count of non-canonical / junk domains - https://phabricator.wikimedia.org/T133548 (10Krenair) [23:41:50] 10Certcentral, 10Traffic, 10Operations, 10Patch-For-Review: Create and deploy a centralized letsencrypt service - https://phabricator.wikimedia.org/T194962 (10Krenair) [23:41:56] 10HTTPS, 10Traffic, 10Operations, 10Patch-For-Review: Create a secure redirect service for large count of non-canonical / junk domains - https://phabricator.wikimedia.org/T133548 (10Krenair) [23:46:19] 10Certcentral, 10Traffic, 10Operations, 10Goal, 10Patch-For-Review: Deploy a scalable service for ACME (LetsEncrypt) certificate management - https://phabricator.wikimedia.org/T199711 (10Krenair) [23:46:21] 10Certcentral, 10Traffic, 10Operations: certcentral: challenge checking on *all* pooled backend hosts - https://phabricator.wikimedia.org/T203396 (10Krenair) [23:46:29] 10Certcentral, 10Traffic, 10Operations: certcentral: Provide script for certificate revocation - https://phabricator.wikimedia.org/T203423 (10Krenair) [23:46:31] 10Certcentral, 10Traffic, 10Operations, 10Goal, 10Patch-For-Review: Deploy a scalable service for ACME (LetsEncrypt) certificate management - https://phabricator.wikimedia.org/T199711 (10Krenair) [23:47:05] 10Certcentral, 10Traffic, 10Operations, 10Goal, 10Patch-For-Review: Deploy a scalable service for ACME (LetsEncrypt) certificate management - https://phabricator.wikimedia.org/T199711 (10Krenair) @Vgutierrez: I'm thinking we should close this and open a new task about improving our certcentral setup to t... [23:47:26] 10Certcentral, 10Traffic, 10Operations, 10Goal, 10Patch-For-Review: Deploy a scalable service for ACME (LetsEncrypt) certificate management - https://phabricator.wikimedia.org/T199711 (10Krenair) [23:51:33] 10Certcentral, 10Traffic, 10Operations, 10Goal, 10Patch-For-Review: Deploy a scalable service for ACME (LetsEncrypt) certificate management - https://phabricator.wikimedia.org/T199711 (10Krenair) [23:51:44] 10Certcentral, 10Traffic, 10Operations, 10Goal, 10Patch-For-Review: Deploy a scalable service for ACME (LetsEncrypt) certificate management - https://phabricator.wikimedia.org/T199711 (10Krenair) [23:53:08] 10Certcentral, 10Traffic, 10Operations, 10Goal, 10Patch-For-Review: Deploy a scalable service for ACME (LetsEncrypt) certificate management - https://phabricator.wikimedia.org/T199711 (10Krenair) [23:53:12] 10HTTPS, 10Traffic, 10Operations, 10Patch-For-Review: Create a secure redirect service for large count of non-canonical / junk domains - https://phabricator.wikimedia.org/T133548 (10Krenair) [23:53:16] 10Certcentral, 10Traffic, 10Operations, 10Patch-For-Review: Create and deploy a centralized letsencrypt service - https://phabricator.wikimedia.org/T194962 (10Krenair) 05Open>03Resolved I'm just boldly marking this as resolved but feel free to revert if you disagree [23:55:07] 10Certcentral, 10Traffic, 10Operations, 10Goal, 10Patch-For-Review: Deploy a scalable service for ACME (LetsEncrypt) certificate management - https://phabricator.wikimedia.org/T199711 (10Krenair) 05Open>03Resolved I've rearranged the structure of these tasks to be logical and this has no more open su... [23:56:54] 10Certcentral, 10Traffic, 10Operations, 10Goal, 10Patch-For-Review: Deploy a scalable service for ACME (LetsEncrypt) certificate management - https://phabricator.wikimedia.org/T199711 (10Krenair) [23:56:56] 10Certcentral, 10Traffic, 10Operations: certcentral: delay deployment of renewed certs to wait out skewed client clocks - https://phabricator.wikimedia.org/T204997 (10Krenair) [23:57:19] 10Certcentral, 10Traffic, 10Operations, 10Goal, 10Patch-For-Review: Deploy a scalable service for ACME (LetsEncrypt) certificate management - https://phabricator.wikimedia.org/T199711 (10Krenair) [23:57:21] 10Certcentral, 10Traffic, 10Operations: Integrate certspotter with certcentral to avoid certspotter notifying us on legitimate certs generated by our certcentral boxes - https://phabricator.wikimedia.org/T204994 (10Krenair) [23:59:26] 10Traffic, 10Operations: Update certspotter - https://phabricator.wikimedia.org/T204993 (10Krenair) @faidon: Is this now done?