[12:31:26] 10Wikimedia-Apache-configuration, 10Operations, 10User-revi: Change kr.wikimedia.org redirection destination - https://phabricator.wikimedia.org/T222033 (10revi) 05Open→03Resolved Was done on the day it was merged but all of us forgot to close the ticket. [14:15:54] 10netops, 10Operations, 10netbox: Netbox racks consistency report - https://phabricator.wikimedia.org/T212878 (10faidon) This is the kind of thing that: - Removes flexibility from DC Ops - If it occurs, it's not affecting anyone else but the DC Ops person on the ground (compared to e.g. a documentation or op... [14:41:26] 10Traffic, 10Operations, 10ops-eqiad, 10Patch-For-Review: rack/setup/install lvs101[3-6] - https://phabricator.wikimedia.org/T184293 (10BBlack) p:05Normal→03High Outside of immediate emergency situations, resolving any blockers to get the remaining two LVSes into service should be a very high priority... [15:29:31] 10netops, 10Operations, 10netbox: Netbox racks consistency report - https://phabricator.wikimedia.org/T212878 (10ayounsi) I mentioned 2 examples in the description: > For example in https://netbox.wikimedia.org/dcim/racks/1/ asw2 is "Position U31 / Front" while it should (and is physically) in the back > f... [16:41:52] 10Traffic, 10Operations, 10Security-Team: scan external ranges with current Nessus rulesets - https://phabricator.wikimedia.org/T222097 (10chasemp) [16:43:21] 10Traffic, 10Operations, 10Security-Team: scan external ranges with current Nessus rulesets - https://phabricator.wikimedia.org/T222097 (10chasemp) [16:45:30] 10Traffic, 10Operations, 10Security-Team: scan external ranges with current Nessus rulesets - https://phabricator.wikimedia.org/T222097 (10chasemp) A few scans of all ranges didn't turn up too much scary. A collection of mediums that are mostly SSL shenanigans or weak SSH ciphers etc. T222392 was the most... [16:45:55] 10Traffic, 10Operations, 10Security-Team: scan external ranges with current Nessus rulesets - https://phabricator.wikimedia.org/T222097 (10chasemp) 05Open→03Resolved a:03chasemp If anyone is curious to see the results #secteam can share but at this point I'm not going to put it all up in phab. [17:35:56] vgutierrez: does this seem ok'ish ? https://gerrit.wikimedia.org/r/c/operations/puppet/+/509475 [17:36:31] yeah [17:36:40] sorry about the delay [17:36:50] :) cool, no worries [17:37:02] the content can be added later [18:16:19] i wrote a new runbook for "check rp filter disabled" on LVS machines at https://wikitech.wikimedia.org/wiki/Monitoring/check_rp_filter_disabled [18:16:44] if somebody knows about that, please take a look if it's good enough to merge https://gerrit.wikimedia.org/r/c/operations/puppet/+/506549 or simply edit it [18:16:58] assuming this is traffic because LVS [18:17:17] could be wrong about that too [18:19:25] i found that this check has been added as a follow-up to an incident in 2014 https://wikitech.wikimedia.org/wiki/Incident_documentation/20140203-LVS [18:25:58] mutante: seems like an improvement even as-is, thanks! [18:26:35] alright :) [18:26:59] my goal is to add one to all remaining NRPE checks and then make notes_url a required parameter [18:27:05] maybe add something to the effect of "LVS servers require this setting in order to do their primary job of asymmetrically forwarding traffic" or something like that. [18:27:16] ok, sounds good. will do that [18:27:22] basically there's nothing in that page that really says that the setting is actually useful or important on LVS, just that it's there :) [18:27:29] true [18:30:20] added verbatim [18:34:53] thanks! [19:18:04] 10Traffic, 10Operations, 10ops-eqiad, 10Patch-For-Review: rack/setup/install lvs101[3-6] - https://phabricator.wikimedia.org/T184293 (10Cmjohnson) [20:15:26] 10Traffic, 10Operations, 10ops-eqiad, 10Patch-For-Review: rack/setup/install lvs101[3-6] - https://phabricator.wikimedia.org/T184293 (10Cmjohnson) lvs1014 idrac is configured and is connected to all the switches vs1014 eth0 asw2-b:xe-7/0/29 lvs1014 eth1 asw2-a:xe-4/0/18 lvs1014 eth2 asw2-c:xe-2/0/13 lv... [20:57:39] 10Traffic, 10Operations, 10ops-eqiad, 10Patch-For-Review: rack/setup/install lvs101[3-6] - https://phabricator.wikimedia.org/T184293 (10Cmjohnson) lvs1013 idrac is configured and connected to all ports and all switches lvs1013 eth0 asw2-a:xe-7/0/34 lvs1013 eth1 asw2-b:xe-4/0/15 lvs1013 eth2 asw2-c:xe-4... [21:02:36] 10Traffic, 10Operations, 10ops-eqiad, 10Patch-For-Review: rack/setup/install lvs101[3-6] - https://phabricator.wikimedia.org/T184293 (10Cmjohnson) I don't think DC-Ops is holding this task up any longer.