[14:17:14] vgutierrez: in case you didn't see it yourself: https://community.letsencrypt.org/t/acme-v1-v2-validating-challenges-from-multiple-network-vantage-points/112253
[14:17:38] that smells like more work
[14:17:41] * vgutierrez hides
[14:17:42] ;P
[14:18:02] I think we're ok and no new work needed
[14:18:13] yeah
[14:18:24] TL;DR is they're going to start hitting our acme dns challenge data multiple times from multiple places
[14:18:43] apparently starting like yesterday
[14:18:50] yup, bday present for me apparently
[14:18:56] :)
[14:19:16] so people restrict incoming DNS traffic to auth servers?
[14:19:32] hopefully not!
[14:19:44] I think the customer issues they're expecting are things like:
[14:20:14] "oh we only ever published it to our one server in north america, because all your tests seemed to always land there, we didn't set up our infra to replicate acme challenges to our other auth servers!"
[14:20:47] and also: "We were very silly and designed our solution to yank the challenge back off the servers after we've seen it queried once"
[15:12:37] <_joe_> hi, I'm going to merge the final boss of my war against the old lvs::configuration, https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/572215/
[15:12:55] <_joe_> I got a +1 earlier from valentin, but I'm going to be cautious and run puppet on one lvs at a time
[15:13:03] <_joe_> the compiler says a noop anyways,
[15:13:16] <_joe_> but I'll disable puppet for a while on the lvs servers, FYI
[15:13:20] ack
[15:27:47] 125G
[15:28:50] ?
[15:29:01] vi command in the wrong place :)
[15:37:48] or maybe it's bblack from the future with 125G wireless technology
[15:41:40] So I only updated 2 of the esams hosts yesterday, got busy and paranoid about doing changes super late in day ;D
[15:41:53] I'll continue them later this afternoon, just echoing in here in case of blockers.
[15:42:08] (also if anyone notices anything odd with esams two hosts from yesterday, let me know to stop)
[15:42:28] I won't start again until Pacific tz PM
[15:45:38] robh: no problem
[15:45:45] =]
[15:46:03] I've double checked this EU morning and everything looked good
[15:46:18] cool
[17:12:30] netops, Operations, Patch-For-Review: Add monitoring for BGP peers exceeding prefix-limit - https://phabricator.wikimedia.org/T239256 (ayounsi) This surfaced that the v6 sessions to the Equinix router servers in Dallas and Ashburn have been down for quite a while.
[17:19:52] bblack: I just got an email from digicert regarding safari's policy for future use to not allow certs longer than 398 days. Since we never renew them that long, we are unaffected, just sharing.
[17:22:37] yeah I saw, seems like a good thing really :)
[17:23:01] indeed
[17:52:57] netops, Operations, cloud-services-team (Kanban): CloudVPS: enable BGP in the neutron transport network - https://phabricator.wikimedia.org/T245606 (aborrero) Additional tests related to this are blocked on missing backported packages for the stretch-pike combo: `python3-os-ken` and `neutron-dynamic-...
[21:11:05] Traffic, ContentSecurityPolicy, Gerrit, Operations, and 2 others: Add gerrit.wikimedia.org to the Phabricator CSP - https://phabricator.wikimedia.org/T218308 (chasemp)